Just to summarize the responses. The general consensus is: If you are ask to rattle the door, and have something in writing that says you can then it's okay. OTHERWISE: 1. It is about the same as trespassing. 2. It has the appearance of evil. 3. It is illegal in Sweden and Finland. 4. It is wrong because it causes others extra work (running you down and reporting you). 5. It is wrong because it wastes other people's computing resources. Here are a couple of other ideas to consider: There is the issue of public verses private access. During normal business hours, it would be less likely that I would be questioned if I were walking around a building that served the general public (i.e. office building) rattling doors. One could argue that an Internet connection represents a public access point that serves the general public. Secondly, it could also be argued that the normal business hours of this access are 24x7 since it is open to the public all the time. Perhaps the more compelling argument is one of ethics. Any activity that has the appearance of evil reflects poorly on the profession. Most professional ethics code prohibit such activities but promote the idea that a responsible professional informs others of potential problems when they come across them. I take this to mean that in the course of normal business activity if you discover something that would be a security concern to you, you should inform the person responsible for the security of that system. I recommend doing this with a personal phone call. I find number 4 also compelling. There is no way of telling what response your activity will generate. Your probe could very well generate a lot of extra work for other people. I know I hate it when I have to spend extra hours eradicating a virus or running down a access control breach. Number 5 is a violation of the IETF Code of Ethics and is certainly of concern for those probes that generate large amounts of traffic. It is also a major concern (at least according to my logs) for misconfigured Internet devices and automated information gathers. These two constitute the largest amount of wasted CPU cycles on my Internet connections. My sincere thanks to everyone for their thoughtful responses. Bill Stackpole, CISSP - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
