Nmap Announce mailing list archives

RE: publicly available resources and the law


From: Dion Stempfley <Dion () riptech com>
Date: Fri, 26 Feb 1999 08:29:18 -0500

I have spent some years working with law enforcement on these issues,
and have some thoughts about the discussion.  

The same part of the US Code which makes war dialing illegal has been
interpreted as making port scans illegal...sometimes.  I have asked US
and states attorneys the same question for years.  I usually get a
different answer from each.  

The general opinion from many prominent Justice Department officials,
although not necessarily an official department position, is that
portscans do not reach the level required for arrest or prosecution.
Unless there is a large number of complaints, there probably is not
enough evidence to even get a pen register.  

Does the act cause any denial of service?  How much loss: loss of
business, bandwidth measured at the going rate, or any other tangible or
intangible cost which can be measured. They look at the impact of the
act and if it cannot be intrinsically tied to some monetary value then
pursuing it is useless.

Does the act rise to the level of harassment by wire?  Some proof of
intent will be needed; there needs to be more than just evidence of a
portscan.

It might surprise some, but the cops just can't break down your door
because someone with your account did a portscan, even if the local law
believes the act violates US code.  There has to be some other evidence
tying the suspect to the use of the account at the time of the act.
They might come over and "interview" you.  Police interviews are often
pretty close to the third degree.

Someone on the list said that a "computer savvy cop" would be most
likely to pursue the portscan as an illegal act.  The computer savvy
cops I know are more likely to push to dismiss the case before it gets
anywhere.  They know the difficulty involved in investigating the case
and are not looking forward to it.

It's not the portscan that will get you in trouble; it's what you do with
the results.  The first time you try to "test" the system for a
vulnerability, you will most likely be crossing the line.

Don't scan the same system repeatedly thousands of times; don't do
anything illegal with the results; don't violate service provider
agreements; and if you are told to stop by a site, then stop.

If you really want to stay out of trouble then only scan for well known
ports.  The implication is that you are looking for publicly available
services advertised by the system.

Dion Stempfley
dion () riptech com

