RE: Port scanning legal

["Jeff Wheat" <jeff () cetlink net>]

Isn't that just sweet... So in a nutshell it is *not* illegal
for kiddies to port scan a network looking for vulnerabilities.
It would seem to me that such scans would impair the integrity
of ones networks, or am I just smoking crack?

Jeff
CETLink.Net

> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
> Edward S. Marshall
> Sent: Tuesday, December 19, 2000 10:43 AM
> To: nanog () merit edu
> Subject: Port scanning legal
>
>
>
> http://www.securityfocus.com/templates/article.html?id=126
>
> A quick quote from the article:
>
>     A tiff between two IT contractors that spiraled into federal court
>     ended last month with a U.S. district court ruling in Georgia that
>     port scanning a network does not damage it, under a section of the
>     anti-hacking laws that allows victims of cyber attack to sue an
>     attacker.
>
>     Last week both sides agreed not to appeal the decision by judge Thomas
>     Thrash, who found that the value of time spent investigating a port
>     scan can not be considered damage. "The statute clearly states that
>     the damage must be an impairment to the integrity and availability of
>     the network," wrote the judge, who found that a port scan impaired
>     neither.
>
> This may have ramifications for both security professionals and abuse desk
> personnel; this ruling would seem to make it clear that you cannot claim
> time spent investigating abuse issues as damage. The complete finding is
> here:
>
>     http://pub.bna.com/eclr/00434.htm
>
> Any armchair lawyers on the list want to take a crack at this?
>
> --
> Edward S. Marshall <emarshal () logic net>
> http://www.nyx.net/~emarshal/
> ------------------------------------------------------------------
> -------------
> [                  Felix qui potuit rerum cognoscere causas.
>             ]