nanog mailing list archives

Re: Port scanning legal

From: Shawn McMahon <smcmahon () eiv com>
Date: Tue, 19 Dec 2000 13:57:38 -0500

On Tue, Dec 19, 2000 at 11:59:23AM -0500, John Fraizer wrote:


Had he likened portscanning someones network to walking into their back
yard with a ladder, climbing up to the second floor and checking for open
windows, perhaps the court would have found differently.


I'm sure they would, but it's a deeply flawed analogy.

How many ports must be scanned before you deem it an attack?  Is one port
enough?  Five?  50?

If you pick a number here, is that arbitrary, or do you have a valid
logical (and legally-supportable) reason for the number?

If one port is sufficient, then the act of typing an IP address into a
web browser to see if there's a web server listening is a crime.

Attachment: _bin
Description:

Current thread:

Port scanning legal Edward S. Marshall (Dec 19)
- RE: Port scanning legal Jeff Wheat (Dec 19)
  - RE: Port scanning legal Patrick Evans (Dec 19)
  - RE: Port scanning legal John Fraizer (Dec 19)
    - Re: Port scanning legal Shawn McMahon (Dec 19)
    - Re: Port scanning legal Alex Rubenstein (Dec 19)
    - Re: Port scanning legal Deepak Jain (Dec 19)
    - Re: Port scanning legal Leo Bicknell (Dec 19)
  - Re: Port scanning legal Valdis . Kletnieks (Dec 19)
    - Re: Port scanning legal mdevney (Dec 19)
    - Re: Port scanning legal Christian Kuhtz (Dec 19)
    - Re: Port scanning legal Todd Suiter (Dec 19)
  - Re: Port scanning legal Stephen Sprunk (Dec 19)
  - RE: Port scanning legal Matthew S. Hallacy (Dec 20)
- <Possible follow-ups>
- RE: Port scanning legal Mark Borchers (Dec 19)

(Thread continues...)