Re: publicly available resources and the law

[Bennett Todd <bet () newritz mordor net>]

1999-02-26-13:29:18 Dion Stempfley:
> Don't scan the same system repeatedly thousands of times; don't do
> anything illegal with the results; don't violate service provider
> agreements; and if you are told to stop by a site then stop.

I don't really disagree with anything Dion said, but I'd add: even if your
service provider agreement doesn't seem to you to prohibit port scanning, do
not count on it. See, I think Dion was only looking at part of the whole
situation.

If you port-scan systems that are not your own, without notifying the
management of those systems in advance in writing, then one of these days,
you'll scan someone who is cranky, irritable, and stubborn. He'll complain at
your ISP, and if your ISP doesn't kick you off immediately he'll commence to
bad-mouth that ISP in lists and newsgroups for harboring abusers until the ISP
feels some serious pressure to buckle and kick you off. So don't do port-scans
from accounts you would hate to lose suddenly, with no warning.

And if you aren't careful to avoid hitting the Wrong Targets, one of these
days you'll scan someone who has an infinite budget, and if it happens to
strike their whim that they want to persecute you, you are in deep doo-doo;
with enough money, they can purchase whatever legal outcome they want. You
might not like the one they decide to buy.

-Bennett