This one just came across on the NANOG list. All you firewall and access list jockeys may want to keep an eye open... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Edward S. Marshall Sent: Tuesday, December 19, 2000 7:43 AM To: [EMAIL PROTECTED] Subject: Port scanning legal http://www.securityfocus.com/templates/article.html?id=126 A quick quote from the article: A tiff between two IT contractors that spiraled into federal court ended last month with a U.S. district court ruling in Georgia that port scanning a network does not damage it, under a section of the anti-hacking laws that allows victims of cyber attack to sue an attacker. Last week both sides agreed not to appeal the decision by judge Thomas Thrash, who found that the value of time spent investigating a port scan can not be considered damage. "The statute clearly states that the damage must be an impairment to the integrity and availability of the network," wrote the judge, who found that a port scan impaired neither. This may have ramifications for both security professionals and abuse desk personnel; this ruling would seem to make it clear that you cannot claim time spent investigating abuse issues as damage. The complete finding is here: http://pub.bna.com/eclr/00434.htm Any armchair lawyers on the list want to take a crack at this? -- Edward S. Marshall <[EMAIL PROTECTED]> http://www.nyx.net/~emarshal/ ---------------------------------------------------------------------------- --- [ Felix qui potuit rerum cognoscere ] _________________________________ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]