Nmap Announce mailing list archives

RE: publicly available resources and the law

From: "Frank Miller" <frankm () bend or us>
Date: Tue, 23 Feb 1999 13:21:08 -0800

Howdy,

That is the difference between a Felony and a Misdemonor according to
Oregon State Law.  If access a telnetd/ftpd/pop3/imap prompt and enter root,
system, admin, etc *and* there is an "Unauthorized" type banner, then this
will stick,  I have seen it happen.

If you are just opening POP3, telnetd, ftpd, or whatever ports, then I'd bet
my years ski/snowboarding pass that no District Attorney could bring up a
case.

In discussions with local/state PD's as a consultant ... a door rattle (with
 stay out warnings) along with more than just a port access (user/password
stream) can be considered a class A Misdemonor.  Each logged access to try
root at telnetd/ftpd is a single count BTW.

Now, if a user exploits an IMAPd hole *and* makes does an inetd hack with a
back door, bad juju ... it is now a Felony.  Each system change is a single
count of a class C felony.  I've seen this happen too.

I brought this message to the mail list not as a proponent of the law, but
out of
concern for what could transpire legally with grumpy targets.

Frank

-----Original Message-----
From: Technical Incursion Countermeasures [mailto:lists () ticm com]
Sent: Tuesday, February 23, 1999 2:36 PM
To: HD Moore
Cc: nmap-hackers () insecure org
Subject: Re: publicly available resources and the law

ahh a good fun topic :}..

ok AFAIK this is how it is interpreted normally..

Port scanning is quite rightly not a crime - it equates to rattling door
knobs and trying windows.. not a felony in itself - however it is
suspicious activity. This is the key...

Now if during our port scanning we happen to find a wide open NFS port and
access it - then we have committed a crime - because by port scanning we
have shown intent - it is no longer an accident that we just happened to
push on the door and fall in.

Now I know US law is different to Aust law  - but I'm guessing that the
intent provision is still there - i.e that to be convicted of a deliberate
act - the prosecution must show that you indented to commit the act.

Cheers,
Bret

PS and just in case someone is stupid enough to take what I said as legal
advise - its not :}
Technical Incursion Countermeasures
consulting () TICM COM                      http://www.ticm.com/
ph: (+61)(041) 4411 149(UTC+8 hrs)      fax: (+61)(08) 9454 6042

The Insider - a e'zine on Computer security
http://www.ticm.com/info/insider/index.html

Current thread:

publicly available resources and the law HD Moore (Feb 23)
- Re: publicly available resources and the law Technical Incursion Countermeasures (Feb 23)
  - RE: publicly available resources and the law Frank Miller (Feb 23)
  - Re: publicly available resources and the law Bennett Todd (Feb 23)
  - Re: publicly available resources and the law Lamont Granquist (Feb 23)
    - RE: legality of port-mapping Dragos Ruiu (Feb 23)
    - RE: legality of port-mapping Lamont Granquist (Feb 24)
  - Re: publicly available resources and the law Daemor (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
  - RE: publicly available resources and the law Erik Parker (Feb 23)
- RE: publicly available resources and the law Dragos Ruiu (Feb 23)
  - RE: publicly available resources and the law Frank Miller (Feb 23)
    - RE: publicly available resources and the law rain.forest.puppy (Feb 23)

(Thread continues...)