Full Disclosure mailing list archives

Re: Legality of Open Source Tools

From: Toni Korpela <admin () xorfork com>
Date: Mon, 07 Apr 2014 00:15:56 +0300

Hey Salo.

I know that the act of port scanning without permission
is illegal even though easily done thanks to Fyodor's nmap.

The thing is that I find it really funny that I can not distribute
nmap legally to a friend at some other point of the Internet
and ask him to port scan my IP address.

Then I have broken the two laws section 9 a and 9 b in the
finnish criminal code and he has broken section 9 b most
likely even without knowing this.

My teacher teached us how to use nmap for checking if
our Linux servers had any ports open. Did we break the law
by posessing nmap on computers which we were using at
the time?

I have been alerted by ISP once about doing these tasks,
which may seem malicious from home to my own server.

The ISP only asked back then to scan my computer for viruses
and I told them I have been generating that traffic to my own
dedicated server and they took the block away.

The problem I really find annoying about this is that it does
not define what is malicious designed software because
something like metasploit can be used to secure other
software, but it can also be used as malicious tool to
make harm to others.

On 04/06/2014 11:24 AM, Henri Salo wrote:

On Sat, Apr 05, 2014 at 01:23:51PM +0300, Toni Korpela wrote:

Greetings from Finland.

I know that here it is illegal to import, manufacture, sell
or otherwise distribute such machine or software which
are designed to endanger or harm information and
communication systems.

<snip>

Basic examples, which I have personally encountered:

1) Not allowed to port scan. Some ISPs are already monitoring and warning users
in case they do port scanning, but the reason for alerting might only be that
they monitor and try to get rid of malware in their networks.
2) Not allowed to list vulnerable systems. I can't for example list all
non-updated WordPress installations with their version numbers even this
information is available to anyone.

---
Henri Salo



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Re: Legality of Open Source Tools, (continued)
- Re: Legality of Open Source Tools Brandon Perry (Apr 04)
- Re: Legality of Open Source Tools Andres Riancho (Apr 04)
  - Message not available
    - Re: Legality of Open Source Tools Andres Riancho (Apr 04)
    - Re: Legality of Open Source Tools Ryan Dewhurst (Apr 04)
    - Re: Legality of Open Source Tools Volker Tanger (Apr 04)
    - Re: Legality of Open Source Tools Toni Korpela (Apr 05)
    - Re: Legality of Open Source Tools Toni Korpela (Apr 05)
    - Re: Legality of Open Source Tools Henri Salo (Apr 06)
    - Re: Legality of Open Source Tools Jeffrey Walton (Apr 06)
    - Re: Legality of Open Source Tools Toni Korpela (Apr 06)
    - Re: Legality of Open Source Tools Toni Korpela (Apr 06)
    - Re: Legality of Open Source Tools Daniel Wood (Apr 07)
    - Re: Legality of Open Source Tools Not EcksKaySeeDee (Apr 04)
    - Re: Legality of Open Source Tools Brunner, Mark (Apr 04)
    - Message not available
    - Re: Legality of Open Source Tools John Young (Apr 05)
    - Re: Legality of Open Source Tools coderman (Apr 06)
  - Re: Legality of Open Source Tools Sullo (Apr 04)
- Re: Legality of Open Source Tools coderman (Apr 06)