nanog mailing list archives

Re: how to deal with port scan and brute force attack from AS 8075 ?


From: Owen DeLong <owen () delong com>
Date: Mon, 11 Apr 2016 11:18:43 -0700


On Apr 7, 2016, at 07:41, William Herrin <bill () herrin us> wrote:

On Thu, Mar 31, 2016 at 5:36 AM, Bacon Zombie <baconzombie () gmail com> wrote:
I would ignore the portscans since there is nothing wrong with portscanning
the Internet.

You might want to check with your lawyer on that. If you
_intentionally_ port-scan a computer located in Virginia without the
owner's permission (and do nothing else, just port-scan it) it's a
class 3 misdemeanor under 18.2-152.1, et seq. That's up to a $500 fine
for each computer you scan. By comparison, shoplifting is a class 1
misdemeanor while possession of a schedule V narcotic is another class
3.

I think you’re on shaky ground here.

18.2-152.3 reads:

Any person who uses a computer or computer network, without authority and:
1. Obtains property or services by false pretenses;
2. Embezzles or commits larceny; or
3. Converts the property of another;
is guilty of the crime of computer fraud.
If the value of the property or services obtained is $200 or more, the crime of computer fraud shall be punishable as a 
Class 5 felony. Where the value of the property or services obtained is less than $200, the crime of computer fraud 
shall be punishable as a Class 1 misdemeanor.

The requirements here are to meet at least one of the 3 tests listed.

I think it’s rather hard to claim that a portscan by itself “obtained property or services by false pretenses”.
I think it’s even harder to claim that it constitutes “embezzling” or “larceny”.
I also think you’d have a tough time arguing that eliciting a response packet to one or more packets actually 
constitutes conversion of property.

So I don’t see how you’d make much of a case for a port-scan being a violation of 18.2-152.1 et seq.

I think the argument, rather easily, could be made that a port-scan is the internet equivalent of a door-knock. By 
itself, it doesn’t constitute unlawful entry. Now, a persistent door-knock might constitute some form of harassment and 
frequent or continuous port-scans could be argued to be a form of denial of service (which would constitute 
conversion), but the odd port-scan is unlikely to meet the tests under the law you cited.

A key word here is "intentionally." Poking at it by mistake (e.g. you
thought it was a different computer which you had the authority to
scan) is not a crime. Nor, most likely, is less aggressive behavior
which would not ordinarily be part of gaining unauthorized access,
such as pinging or tracerouting.

I could be wrong, IANAL, but I’d be surprised if a mere portscan would actually be treated as a violation for the 
reasons cited above.

Not that I've ever heard of someone being fined but you're definitely
into "something wrong" territory.

I don’t think you’ve made your case for “definite” so far. I agree you might be at risk from an overzealous prosecutor 
and an activist judge that hates hackers for some reason, but short of that, I think you’re unlikely to run afoul of 
this statute just on a port scan.


Owen


