Nmap Announce mailing list archives
RE: publicly available resources and the law
From: Dion Stempfley <Dion () riptech com>
Date: Fri, 26 Feb 1999 08:29:18 -0500
I have spent some years working with law enforcement on these issues, and have some thoughts about the discussion. The same part of the US Code which makes war dialing illegal has been interpreted as making port scans illegal...sometimes. I have asked US and states attorneys the same question for years. I usually get a different answer from each. The general opinion from many prominent Justice Department officials, although not necessarily an official department position, is that portscans do not reach the level required for arrest or prosecution. Unless there is a large number of complaints, there probably is not enough evidence to even get a pin register. Does the act cause any denial of service. How much loss: loss of business, bandwidth measured at the going rate, or any other tangible or intangible cost which can be measured. They look at the impact of the act and if it cannot be intrinsically tied to some monetary value then pursuing it is useless. Does the act rise to the level of harassment by wire. Some proof of intent will be needed, there needs to be more than just evidence of a portscan. It might surprise some, but the cops just can't break down your door because someone with your account did a portscan, even if the local law believes the act violates US code. There has to be some other evidence tying the suspect to the use of the account at the time of the act. They might come over and "interview" you. Police interviews are often pretty close to the third degree. Someone on the list said that a "computer savvy cop" would be most likely to pursue the portscan as an illegal act. The computer savvy cops I know are more likely to push to dismiss the case before it gets anywhere. They know the difficulty involved in investigating the case and are not looking forward to it. It's not the portscan that will get you in trouble it's what you do with the results. The first time you try to "test" the system for a vulnerability, you will most likely be crossing the line. Don't scan the same system repeatedly thousands of times; don't do anything illegal with the results; don't violate service provider agreements; and if you are told to stop by a sight then stop. If you really want to stay out of trouble then only scan for well known ports. The implication is that you are looking for publicly available services advertised by the system. Dion Stempfley dion () riptech com
Current thread:
- Re: publicly available resources and the law, (continued)
- Re: publicly available resources and the law Bennett Todd (Feb 23)
- Re: publicly available resources and the law Ken Williams (Feb 24)
- Re: publicly available resources and the law Fyodor (Feb 24)
- Re: publicly available resources and the law Jesse Whyte (Feb 25)
- Re: publicly available resources and the law David Dennis (Feb 25)
- publicly available resources and the law System Administrator (Feb 25)
- Re: publicly available resources and the law vik bajaj (Feb 25)
- Re: publicly available resources and the law Bennett Todd (Feb 26)