Security Incidents mailing list archives
Re: ICMP mapping, questioning legality!!
From: "Greg A. Woods" <woods () weird com>
Date: Thu, 14 Sep 2000 19:50:13 -0400
[ On Wednesday, September 13, 2000 at 16:22:15 (-0700), Ryan Russell wrote: ]
Subject: Re: ICMP mapping, questioning legality!! lots of problems with laws like this, as you point out. First one is "authorization". I've got no way to know if I'm authorized to pull a web page from someone's web server.
Actually you do. In systems security circles it is often argued that anything which is not explicitly denied is implicitly permitted. While this may not hold for stupid analogies such as not passing through an unlocked door which has no explicit warning against trespass (eg. your car door), it's pretty obvious when you consider what the Internet is for and why people usually connect up to the Internet. Wiggling door handles to see if they are locked is usually an indication of suspicious activity, but any over-eager cop who issues anything more than a stern verbal warning is likely to get just as big a reprimand from the judge as the perpetrator does. (And unless the kid's been doing other suspicious things then I'd bet the case is almost certainly going to be simply dismissed -- even the maximum fine won't pay the costs incurred by the over-eager cop and both sides have to learn their lesson....)
The problem is, try and get the same people to undertand a SYN scan when you're a defendent, and you may be screwed.
On this basis of the above though people with legitimate needs to discover what services some host do offer would probably best be advised to use a full TCP conect() port scan rather than any kind of so-called "stealth scan".
There's a general expectation that if you put up a web server that people will use it, and that is authorized and expected. Clearly, judging by the number of people in this forum who want to punish people who poke at them, various scans are neither authorized nor expected.
Common sense suggests that if you don't want your ports to be scanned then don't connect it to the Internet. Any other expectations about what will or will not happen to a host connected to the net for *any* purpose (even just as a client) are totally unfounded. If you don't want anyone to even look funny at your computer then you put it in a physically secure room and you post a guard (armed if necessary) at the door. The law only sets expectations for law abiding people. Those who don't abide by the law may seek loopholes in it in order to reduce their risk, but in the end they will simply ignore the law if their potential for gain exceeds their perception of the risk at ataining that gain. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods () acm org> <robohack!woods> Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
Current thread:
- ICMP mapping, questioning legality!! sec (Sep 12)
- Re: ICMP mapping, questioning legality!! Jose Nazario (Sep 12)
- Re: ICMP mapping, questioning legality!! Benjamin Krueger (Sep 12)
- <Possible follow-ups>
- Re: ICMP mapping, questioning legality!! Robert G. Ferrell (Sep 12)
- Re: ICMP mapping, questioning legality!! David Knapp (Sep 13)
- Re: ICMP mapping, questioning legality!! UnixGeek (Sep 13)
- Re: ICMP mapping, questioning legality!! Ryan Russell (Sep 14)
- Re: ICMP mapping, questioning legality!! Greg A. Woods (Sep 14)
- Re: ICMP mapping, questioning legality!! Rune Kristian Viken (Sep 17)
- Re: ICMP mapping, questioning legality!! UnixGeek (Sep 13)
- Re: ICMP mapping, questioning legality!! Steve Stearns (Sep 13)