> -----Original Message-----
> From: Kent Hundley [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 20, 1999 2:58 PM
> To: Ryan Russell
> Cc: Dave Gillett; firewalls
> Subject: Re: Response to hack attempt?
>
[...]
> If it _were_ against the law to perform a port scan, it would not
> matter whether the intent was to check for vulnerabilities for an
> actual break in or if it were just someone playing with a new
> scanning tool. It's the same as someone stealing a car to sell it
> and someone stealing a car to joyride. Both are covered by existing
> statutes, but the question of intent may make the penalties worse
> for one.
...yet still, both are illegal. Port scanning has been ruled illegal
(without proper authorization) in ... where the hell was that, Sweden?
Norway? Somewhere in that area. I just wish it would apply here as
well.
Because basically, a port scan is an access. If you scan a port, say
25, you will invoke a response, say a mail server greeting. That alone
could be construed as unauthorized access (if you did not send mail).
> The point remains, scanning is not illegal, so the question of
> intent is irrelevant from a legal perspective.
Unfortunately correct afaik. However, if you step just a tad over a
scan, say you found telnet open on a router, and you telnet into that
port. You tried 'admin', it fails, and you move on; this access was
unauthorized, and could and should be illegal. But where is the line
drawn? Are you committing a crime by a) scanning, b) unauthorized
access attempt, c) successful, non-destructive (i.e. show ip route),
unauthorized access, or d) destructive, unauthorized access (i.e.
reboot router)?
Over time and lawsuits, this will all fall in place. I suggest we
assume that from a) on it's illegal, and from c) on you should take
legal actions.
Regards,
Frank