Full Disclosure mailing list archives
Re: Nmap Online
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Fri, 1 Dec 2006 12:24:56 -0500
On 01 Dec 2006 08:54:23 -0800, Randal L. Schwartz <merlyn () stonehenge com> wrote:
"Dude" == Dude VanWinkle <dudevanwinkle () gmail com> writes:Dude> Its obvious that anyone who hires Stonehenge Consulting services is Dude> getting someone who cant read. I never said postscanning was illegal. Dude> i said it "isnt illegal". And I'm disagreeing with this.
Why?
Dude> I even provided a link to the case in Dude> georgia that helped decide this. If there's caselaw in Georgia, that's useful for Georgia, but certainly isn't referencable in the 49 other states. So you can't generalize that.
So, you are disagreeing with Kevin who states: http://www.securityfocus.com/news/126 "The ruling does not affect criminal applications of the anti-hacking law, but federal law enforcement officials are generally in agreement that port scanning is not a crime." Do you know of a case where someone was convicted due to a portscan? I can imagine that a portscan may be used in conjunction with other evidence to build a case for intent, but I have not heard of anyone being busted for an nmap scan. I was going to build the case, but it looks like someone has already done it for me: from:http://www.krcf.org/krcfhome/MINDS_NEWYORK/1MoC3e_d.htm <snip> Only one published opinion has considered the legality of port scans. That court held that such activity did not violate federal or state computer protection statues or other law. The federal district court for the Northern District of Georgia held that a party who conducted port scans of another party's computer systems did not violate the Computer Fraud and Abuse Act (18 U.S.C. s. 1030) [1], because he neither caused damaged nor gained access to the computers at issue. Moulton v. VC3, 2000 WL 3331091 at *6 (N.D. Ga., Nov. 7, 2000). Nor did the port scans violate state law, because they did not interfere with computer or network activity. References: [1] The Computer Fraud and Abuse Act: <http://www.usdoj.gov:80/criminal/cybercrime/1030_new.html> [2] Moulton v. VC3, 2000 WL 3331091 (N.D. Ga., Nov. 7, 2000) [3] Computer Crime and Intellectual Property Section, U.S. Department of Justice, Legislative Analysis of the 1996 National Information Infrastructure Protection Act: <http://www.usdoj.gov:80/criminal/cybercrime/1030_anal.html> [4] Computer Crime and Intellectual Property Section, U.S. Department of Justice, Field Guidance on New Authorities That Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001<http://www.usdoj.gov:80/criminal/cybercrime/PatriotAct.htm> --------------------------- So back to my earlier statement, if you nessus someones machine, that would impact their performance and be illegal, a single nmap scan, not so much. Now I am not saying that some hot-shot lawyer wouldnt be able to convince a judge to imprison someone for an nmap scan but while you may be able to convince a judge that OJ didnt do it, murder is still illegal -JP <who has seen someone convicted of hacking from remote via "evidence" that was 192.168.x ip addresses in the logs> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Nmap Online Mike Huber (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Col (Dec 01)
- Re: Nmap Online David Swafford (Dec 01)
- Re: Nmap Online Michael Holstein (Dec 01)
- Re: Nmap Online Col (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Michael Holstein (Dec 01)
- Re: Nmap Online Jason Miller (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- <Possible follow-ups>
- Re: Nmap Online David Taylor (Dec 01)