Security Incidents mailing list archives

Re: ICMP mapping, questioning legality!!


From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Wed, 13 Sep 2000 16:22:15 -0700

On Wed, 13 Sep 2000, UnixGeek wrote:

After a more thorough read of part c, it seems highly unlikely that a
prosecutor could take a single act of running nmap, pscan or whatever
against a system as a form of 'access'.  The code harps on the terms of
data, service and documentation and the illegal 'taking'(in the legal
sense of the word) of such.  Where, in a portscan, is this 'taking'?


Lots of problems with laws like this, as you point out.  First one is
"authorization".  I've got no way to know if I'm authorized to pull a web
page from someone's web server.  If someone could be prosecuted under this
bit of law for, say a ping sweep, then I could prosecute you people for
accessing port 80 on www.securityfocus.com, or connecting to port 25 of
lists.securityfocus.com.  I never gave any of you permission.  But, just
to be a nice guy, you can all have permission from here on out. :)

No one would ever get prosecuted for that, because even really dumb
judges, jurors, and prosecutors have an understanding that if I'm running
a web or mail server, there's an expectation that it's OK to connect to
them.

The problem is, try and get the same people to understand a SYN scan when
you're a defendant, and you may be screwed.

The problem is, common sense is not very common.  If a judge doesn't have
a good understanding of the technical details of a SYN scan, he's going to
refer to the letter of the law.  The letter of the law pretty much says
that anything you do to cause my CPU to spin a cycle that you don't have
explicit permission for, may be a crime.

There's a general expectation that if you put up a web server that people
will use it, and that is authorized and expected.  Clearly, judging by the
number of people in this forum who want to punish people who poke at them,
various scans are neither authorized nor expected.

So, couple a badly written law with some significant number of people who
consider scans hostile, and you've got scans being illegal until precedent
says otherwise.

It all boils down to what the judge will go for.  Given recent rulings on
DeCSS, etc., it doesn't look particularly safe to tempt fate.

                                        Ryan