Slashdot Mirror
Judge Says Port Scanning Is Legal
cvbear0 writes: "SecurityFocus has an article explaining a ruling from a U.S. district court ruling in Georgia about port scanning. The judge ruled that that port scanning tools neither "impair the integrity nor availability of the network." Both parties agreed not to appeal the judge's ruling."
Some users have made comments to the effect that any portscanning is amaturish and more than likely to be used for haXor puroses.
Bunkum!
A portscan of your local net can be a handy tool for instance figuring out wherethefrag the dhcp server is whackin' everyones PC, what services are available on that nutty little net-printer with manglish instructions, whether that net appliance is exposing any unnecesarry services, many thing indeed.
And yes, you can use a scanner to find machines with port 139 exposed on the internet. Don't, that just pisses one off to see lot's of splattered 139 enquirys all over the firewall. Kids;- It's an old trick. Go invent some new ones....... Or get hardcore, learn forth and like program a toaster or something:)
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
Trying to submit this, but the slashdot server keeps barfing out error messages:
The HoneyNet Project, a network of honeypots!
The Honeynet project is a group of 30 security professionals dedicated to learning the tools, tactics, and motives of the blackhat community and sharing those lessons learned.
ZDnet report
Best Slashdot Co
Difference is YOU choose to use yours. I had no input in your use of mine. I pay for mine. I choose to accept the overhead of PPP/ethernet. I DON'T choose to pay money for you to satisfy your curiosities.
Open Source. Closed Minds. We are Slashdot.
You, or your PC, is the one that addressed them. That "common carrier" thing, remember?
Open Source. Closed Minds. We are Slashdot.
/. has finally come to its senses and failed to mod someone down for even considering windows could be secured
Never underestimate the dark side of the Source
The "wander around your house looking at stuff" analogy is traditionally used to describe a situation where a person has gotten in, like through a known hole or weak password, and is looking at information that was assumed and intended to be private without altering or deleting it. That's not even in the same ballpark as portscanning.
--
Fuck the system? Nah, you might catch something.
I personally don't care less what your intentions are in the dead of night jiggling my door handle, I'm going to shoot you first and ask questions later.
You'd shoot someone for jiggling your door handle? First, I'd make sure it's on there tight and won't jiggle, then I'd get a motion sensor light. If that didn't work maybe I'd get a fence or call the cops.
But then again I'd probably be dead asleep and wouldn't notice unless I had some sort of security camera logging the event. I'm certainly not gonna have it wake me up if someone jiggles the door handle. Now, if they actually open the door..
--
--
You are a fucking moron.
I know you will have a hard time accepting this due to your steady diet of violent movies/games/TV ever since you were a tot but in OTHER parts of the world it is not considered acceptable behaviour to shoot other human beings.
- Toby
I actually don't mind when someone attempt to find open FTP ports on my system. If someone telnets into my box they get a polite message asking them to go away and never try to access my system again.
The the lusers who access 21,22,23,12345,12346,31337 all within 2 seconds, and are probably doing the same to everyone on my B subnet who really really really piss me off. In a rage, I wrote up Stop the portscanners. Yes, it's pretty ragy, and probably over the top. With this ruling I might change my mind a bit.
I also wrote a program called antagonizer. It "teletypes a message", typing a character every 100ms, with a Ctrl-G between each character. It's damn annoying to telnet into, crashes IE's ftp, etc. If they try to access 12345, 31337, it tell them to fuck off and start looking for another ISP. I've actually managed to get ISPs to drop users by informing them that one of their users is portscanning. Works maybe 10% of the time.
In the wake of this ruling, I've been thinking of creating an "eye for an eye" system. If you access port 21 of my system, my machine access port 21 of your system, and sends you back the results. Haxor cracks into their own system, logs at 11... Not sure how well it would work for thinkgs like ssh, but in theory should work.
Also thought about a scanning detection or honeypot network, where the results of portscans could be logged or analysed from a single server.
don't know about the portscans you see, but the portscans I see are more analogous to someone walking up to your back door in the middle of the night and jiggling the knob to see if it's open.
Not hardly. Thats analogous to trying to get into an ftp site without authorization. The mere connection to the ftp port and seeing that it doesn't offer anonymous access is akin to looking at a structure and saying "that is a private residence; I should not enter it as I would with a public store."
If some thug walks up to your front door and starts rattling the the knob, there's grounds for calling the authorities. You're exactly right, and there should be similar grounds for port scanning. To paraphrase the Code of Computer Use at my university, 'Authority to use a computer is granted solely by the owner of that computer. Just because you have a password doesn't give you the right to use it.' Port scanning uses resources on my computer (even if not significant). So in my mind, if somoene is using resources and I didn't tell them it was okay, something's wrong.
Compound that problem with working at a University where they've got policy (albeit usually unenforced) that you'll get fired if you try to firewall or NAT your network. The net result is that there's no way to close some ports on machines that I have no intention whatsoever of letting you look at. Your analogy fails miserably. An open port is not an open door, or an invitation. You should instead assume that if you haven't been explicitly invited or given permission that you are to stay off.
Yes, implicity giving people to use THOSE SERVICES I'M PROVIDING. There is no need to portscan the box for those I don't offer the public.
That depends on where you live.
I know that here in Texas jiggling the door handle would fall under the classification of criminal mischeif at night which does justify the use of deadly force. Now whether or not your conscience could handle shooting little Jimmy from next door who just wanted to know if you saw his puppy is a whole other question. The fact is you wouldn't be gonig to jail.
Never underestimate the power of human stupidity -RAH
I wonder if it is possible to get "anti-hacker" insurance on servers in Italy. If companies are not required to harden their servers...
..sleep well :)
Well, this could be a thought. But I don't know how many companies would sleep soundly if they know that their servers are open, but at least they'll get all the money back if somebody grabs everything.. it's like living in a dangerous neighborhood and having our car insured against steal - and leaving it open with the windows down.
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
Yes...if I use my eyes and look at your house, examine your windows...the information gleamed could be used to break in. However, looking is not illegal...even touching your windows. If you are so intent on breakins being a crime then they will get charge *after* commital, not before. We call this innocence before guilt. Interesting concept.
And if you left the keys in your door who is to blame? I don't think port scanning for the purpose of illegal entry is right or moral, but if you invite someone in due to negligence then you are at fault.
If you are running a home server and/or network and you don't even have rudimentary firewall software (also available at Tucows) then you have no one to blame but yourself if your network is comprimised.
Capt. Ron
crazy dynamite monkey
The question is simple, would it REALLY have stopped anyone even if the ruling had been the reverse?
The Internet, one place where if you're not right, someone else will set you straight... maybe.
any purpose without permission.
I am not sure if this is strictly true. Would it then be illegal to send a single ping to a machine to determine whether it is responding to packets? How about traceroute? When you are using the Internet, you are using a lot of other people's hardware without having explicit permission (i.e. routers, backbone providers, and so forth)
It seems to me that by placing a machine on the Internet, and running public services, you are implicitly granting permission for people to use it for some purposes. (If the machine is also implicitly running a public service, i.e. a router, implicit permission is also granted, IMHO)
dtach - A tiny program that emulates the detach feat
I think you're trying to park in his driveway, not on the public road.
Open Source. Closed Minds. We are Slashdot.
Hmmmm ... It's probably just an urban myth, but there is the old story of how a consortium of Standard Oil, Bridgestone Tyres and General Motors bought the public rail system of a major city, scrapped the trains, and replaced it with a bus system using General Motors Buses equipped with Bridgestone Tyres and running on Standard Oil. Eventually they realise that they can sell many more vehicles, tyres and fuel, if they get rid of the buses and replace them with ... er traffic jams.
What about going in and re-arranging the furniture, and then leaving a note about fengshui?
a/s/l here. Sorry, adding domain tags to your s
In the real world, you can follow someone around with impunity until you do something threatening or harassing, such as make threats, make sexual advances or *possibly* commit a real crime such as trespassing, breaking and entering, etc. (note that these things can be *perceived* threats, as long as there is some basis for it). Obviously, if the same concepts were applied to computer security, then port-scanning would be fine (just seeing what your computer is doing) until a threat is made (just seeing what your computer is doing so an attempt can be made to damage it).
This would allow "reasonable" port-scanning (i.e. searching for FTP sites that allow anonymous access, accessing "public" resources, checking security for a friend, etc.) and would disallow port scans from people who have acrimonious relationships with the owner of the computer, are "known" crackers, etc.
Of course, to make these kinds of changes requires getting state and federal legislatures interested. Unfortunately, virtually all of the lobbying from the Internet "community" comes from free speech advocates, who are generally against virtually any restrictive legislation regarding computers at all, advocating an almost-complete hands-off policy. I'm just glad that laws against burglarly, robbery, assault and the like came before they did.
If you tell someone to read the article, maybe you'd better first read his comment; it says Since this case won't be appealed, it means almost nothing.; he was commenting on the fact that there wouldn't be an appeal! Don't you think it's a bit stupid to first misread someone's comment and then call him a fuckhead?
0x or or snor perron?!
There's another class of scanning though, I've got a user who's threatened to hack into my machine. He's just a script kiddy, I'm not terribly concerned since I don't have any services other than the bare minimum running. Still, it seems to me that when this kid scans me I should be able to have it treated more seriously than a random scan.
The problem I see right now is that things are both too lax and too strict. People try to make valuable tools illegal which is absolutely wrong. On the other hand positive rulings without the requisite pause to think about how the circumstances which surround an event, the intent, should dictate how the event is classed.
Chris Kuivenhoven is a thief, beware
Massachusetts, actually.
--
Well said.
The only way people have of knowing whether your servers offer particular network services is by trying a connection. TCP/IP offers no other way. When you're on the main high-street of the Internet (ie. directly connected), it must be expected, because there is no other way for people on the street to know what services you're offering.
In contrast, if your servers are not intended to be "on the main high street" and you don't want people to know what services they provide, then firewall them off --- this makes them private property, off-limits to the high-street wanderer.
The continuous rain of port scans on the Internet is irrelevant to any sysadmin that structures systems properly into public and private parts. Yes, testing for open ports is often performed during crack attempts, just like looking is often performed during burglary, but if you want to know what's around you then you cannot avoid doing either of these. The technology offers no other way.
If you don't want street wanderers looking at your establishment and walking in through any doors that you've left open, put it behind a wall, and silently drop all packets that fail your access policy. To complain about port scans is to misunderstand the limits of TCP/IP.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Do I need to elaborate?
Please stop APK.. you're only hurting yourself.
your an idiot. No shit that saying someone isn't allowed to do something only stops them if they obey. What the hell do you think laws are? If their is a violation...wa-la, they didnt obey it now did they. You can want all you want for me not to look through your window from any sort of distance, thats protected...you do not have the right to say what I cant look at in that situation. You want protection, put up blinds...thats your responsibility, your sacrifice. Thats free as in speech. The freedom not to have you tell me I cant look at your house because "you dont like it". Free cable is a completely different matter...it pretty much is like mp3s, copying cds whatever. Completely different. Those companies have legitimate claim to protection from what you are doing...you however not liking my look at your house, do not.
If you connect your computer by to the Internet and it is assigned an IP address, then it is potentially offering an infinite (or is it 65536 or ....) number of ports to the public internet. Each and every port you connect to the internet becomes part of the shared public network, just as you assume that people who you have never met, dealt with or heard of will route your packets you are offering these connected ports. If someone port scans your computer, they are portscanning a public IP address (or else you are behind a firewall and should be asking questions of the provider). TCP/IP does not (that I know of) provide a DNS like system to say which ports are useful on each IP so using a port-scanner is the only way to find out what you are usefully offering. How am I meant to know what services you are providing on your public part of the public internet (lets make a public and private net addressing system to say that your system is different if you don't accept this)?
Never underestimate the dark side of the Source
excuse all the grammar and spelling...Im way off lately(vacation time!)
This port scanning controversy speaks to a larger issue of rationalizing privacy infringement in our society.
The justifications I've seen in this thread for scanning some Internet host/network read just like the justifications that spammers use for filling up our mailboxes and telemarketers use to call us while we're sitting down at dinner:
Spammer: By releasing your email address to news groups, a user relinquishes any right to privacy. If you don't want marketing email, don't post to news groups.
Scanner: By having a host/network on the Internet, a netizen relinquishes any right to privacy. If you don't want your network to be scanned, unplug it from the Internet.
Actually: I should have a right to not interact with other members of a society. If I don't initiate contact with you, don't call my house, send me junk mail, spam my emailbox, ring my doorbell, or probe my network.
Spammer: It's only an email, just delete it if you don't want it.
Scanner: They're only packets, just ignore them.
Actually: You are now using resources that I paid for and that I did not expressly give to you. It is irrelevant that you think that it's no trouble for me to absorb the cost or you think that the cost is negligible.
Spammer1: But if I can't email you, I can't market my service.
Spammer2: But if I can't email you, I can't tell you about Jesus.
Scanner: But if I can't scan your network, I can't satisfy my curiosity.
Actually: Your right to market your products, save my soul, or satisfy your curiosity does not trump my right to avoid your advances. If your advances send me an email alert, chime my doorbell, ring my phone, or set off my network alarms - you're intruding.
Folks, please don't run away from protecting privacy. Support privacy in every way you can. Allowing one type of infringement that you happen to like leaves the door open for all those infringements that you don't like. Close the door on all of them.
Why are you letting these clowns ruin our country?
Simply choosing whatever real-world analogy best supports the position of port scanning is good/bad is a faulty argument. Why not discuss the topic in terms of the actual result of the actual action we are talking about? Port scanning does no real harm right off the bat. On the other hand, it is impolite to do, because now the admins of the box you scanned have to worry about what your intentions are. So going around portscanning strangers just for fun is kind of a bad thing, but not so bad that no one should ever use such a piece of software, especially since it is so educational.
And that's my take. Sure, if I put on my security admin hat, I don't want anyone ever doing any port scanning, because it makes my job a lot easier: anyone scanning my box is an enemy. On the other hand, if I put on my student hat, how am I ever going to learn things if the most educational tools are seen as dangerous and disallowed?
-- "Just the superficial sort of [analogy] someone grounded too far in 'reality' would think up. TURN UP THE FEED, YOU WIGGLY MEAT THINGS! THIS IS THE NET! NOTHING'S REAL!" --Rache Bartmoss
--
share and enjoy
Is there some reason why you don't use one of the private ip blocks? It seems like pretty bad form to use public ips on a private net that's hooked up to the public internet.
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
Then get your boxen off public roadways...others are trying to drive.
Someone said it earlier - if you don't want YOUR network to be scanned, take it off the Internet...
Please stop APK.. you're only hurting yourself.
I tend to come in on the "jiggling locks" side of things. My rationale? When an exploit comes out on BUGTRAQ for a service, suddenly I see a leap of people scanning all my publically available IPs for that service. I tend to think that those people are looking for machines to break into. I haven't actually set down a honeypot to figure out the percentage of scans that actually turn into attacks, but until someone offers empirical data on it I assume its rather high and that these are the precursors to malicious attacks.
So, what I would claim is that the intent of the majority of the people portscanning out there determines what it is analogous to. Most people walking down the street admiring the architecture of your building are not trying to break into it. Most people checking the locks on your door *are* trying to break into it. Most people I think that portscan large blocks of addresses for a port that just got exploited yesterday on BUGTRAQ are also probably trying to break into your machine. So, I'd offer a standard which is intent. If you disagree with it, that's fine, but don't just wave analogies in my face -- instead try to offer your own standard.
Kewl, now are all the 3l33t script kiddies on the secure site!
And who pays for the bandwith?? Some people don't have flat fees.
Before you email me, remember: "There is no god!"
Probably considered illegal, but there's clearly benevolent intent. Anyone doing this would probably be given community service hours, and would demand more...
Inheritance is the sincerest form of nepotism.
Alex Bischoff
Alex Bischoff
---
Alex Bischoff
HTML/CSS coder for hire
Your claims that nobody uses a portscanner other than script kiddies is totally false.
I know this. I use portscanners and packet sniffers all day, every day at my job. Large companies have rewritten code because of the things I and my peers have found.
More like wandering by your house and counting the number of windows it has.
If they're doing it from the public street, no big deal, since it's non-intrusive and passive.
Port scanning, however, is much more intrusive. If it's setting off network alarms, isn't it obvious that it's not passive?
Why are you letting these clowns ruin our country?
Finally we see a little intelligence from our court systems. I mean, I do not do any sort of cracking, but I love to know what people are doing with their boxes. I have port scanned many of the servers around my university just to see what they're running. Port scanning does not hurt the network at all, it just throws a few packets at each port trying to establish a connection and then moves on. When can we schedule this judge to hear the decss case??
(http://slashdot.org/article.pl?sid=00/12/15/00282 11). I was a bit disgruntled that this article was kicked off to the side like that where it only received about six comments when it was a bigger issue than 'Read To Your Kids, Go To Jail' and the like which were on the main page at the time.
Glad to see Taco realizes this is news deserving o a broader range of discussion. :)
---
seumas.com
> here are some new reasons:
-1 Tried to be funny and wasn't
-1 Tried to be serious and was funny
> -1 Opinion I disagree with
Actually, I think that's what most downmods really mean. Or to be fair, only about 1/3 of them. Most moderators actually seem to do a good job.
> +1 Offtopic, but more interesting than what we're talking about
That's the one you really deserved.
> This post has been brought to you by sleep deprivation and need to procrastinate
Finals week. Projects due. Overdue. Homework Avoidance Syndrome.
Me too, at least in spirit.
--
Sheesh, evil *and* a jerk. -- Jade
Moulton probably could have avoided the problems by asking permission to do a port scan first.
It's interesting that he's still in trouble over the port scan in the first place, this ruling just says that V3 can't claim damages from it.
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
See also the article on Kuro5hin and The Register.
Richy C.
Gotta love the judge's name 'Thomas Thrash' - clearly, his h0n0r is a l33t h4x0r.
Sean
The point here is that agreements do not make binding (or advisory) case law. All an agreement does, is stop litigation. The terms of the agreement may set up terms of the agreements between the parties.
It happens that I read both the article and the ruling by the court.
Fight Spammers!
In the end be VERY careful what you do, because doing what is correct will not always protect you. When we do any security audit/analysis for a company we get a written agreement from them AND their connected networks. Some sysadmin's are pretty high strung.
As one sysadmin put it "I don't like my territory pissed in".
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Within corporate networks, netadmins regularly scan inside IP addresses looking for security holes -- particularly of publically accessible servers. Services offered are correlated with lists of possible problems, and the software examined to apply appropriate patches.
Some research depends on Internet-wide port scans to further worthwhile projects. For example, the "fingerprinting" of public servers provide statistics of what software is being used. A mapping project sponsored by NASA generates a sample of "working" systems by using a limited port probe -- I see this all the time in my firewall logs and traced down the project to find out just what was going on. (At some point, I will update my firewall filters to pass through the well-identified IP addresses of this activity, so that their research will reflect reality a bit better.)
Unfortunately, the good works that honest researchers (both pro and amateur) do is far outstripped by the number of people who use the "burgler tools" indiscriminately, or for nafarious purposes. Mass fingerprinting identifies systems ripe for root/admin compromise, or for potential denial of service if the wish arises to do so.
Another commenter said that [paraphrase] "a person checking doors to see if they are locked is suspicious in and of itself": it depends on who is doing the knob-rattling, and whether I know about it beforehand. Port scanning is just that, "knob-rattling." Most firewall appliances and software sold today will detect and block even "stealth" scans of their assigned IP addresses. As they should.
The sad part is that people who run port scanners are considered guilty until proven innocent of trying to commit an unsocial act. AS THEY SHOULD BE. This posture makes sense, because port scanning, like UCE/UBE, uses resources that the user of the port scanning software isn't paying for, and in all too many cases isn't desired by the receiver of the scan packets.
whew... i'm tired now.
The poster is making an inappropriate analogy when he/she suggests that checking whether a network service is available to the public through the front door on the Internet is equivalent to monitoring sexual activity on private property.
Unless your humping is intended to be on display on the high street, there is no analogy here at all. Presumably if the sex is with your SO then it's not meant to be public. It would usually be on private property, ie. behind a wall and/or locked doors, so that high-street shoppers don't think you're offering viewing of your bedroom antics as a service.
Don't forget that TCP/IP offers no other way for people on the net to determine what services you are making available to them: trying to open connections is the only way of finding out what network services are being offered. Protesting about port scans just shows a lack of understanding of the demands and constraints of TCP/IP. Without the ability to open connections to check on services offered, one would be more constrained than a blind shopper on the high street, never knowing which establishments are open and which are closed.
If you don't want your private resources to be visible to the public, get off the high street by placing your servers on private property, ie. wall them off behind a firewall out of reach of port scans.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
No its worse than a troll, its a well meaning but somewhat clueless person. I find it absolutely amazing what is going on in this country that people don't know about.. things that are so way out, so shockingly horrible, and nobody seems to care. The media doesn't publish things, and only special interest groups are able to spread the word to their members, which then attempt to alert the rest of the population, get shot down for being quacks and extremists.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
Yep! The man on crack will go out get a job and smoke crack when ever. Hell I know people like this. They had jobs. Came in every day. And was HIGHLY addicted to crack. Of course, some company won't hire a person if they do drugs. Not becuase the person can't do the job. Not becuase of any reason other then a person uses drugs. Now since Mr. Joe Crackhead can't get a job but needs crack but cracks cost out the butt, he steals from the people around him. And since crack costs alot they have to steal alot. Don't you understand? It's not the action that make an action illegal, but the people who thinks it's illegal.
My g/f was attacked by a man on PCP (prior to my meeting her). He probably wouldn't have attacked anyone, but he was higher than Voyager 1, and completely unstoppable. She should be dead, but instead it just turned her life to hell for a year.
I'm sorry about your g/f. However how do you KNOW this man hasn't or wouldn't ttacked anyone? You say "probably" that not the least bit of being sure. You might as well say
Does that makes sense? HELL NO!!! A "good" person doesn't do "evil" things becuase of a evil drug. People do what they do becuase it's in their nature to do it. I'm sure your girlfriend thinks he a good person...Weed is a different case altogether, and grouping it with other drugs is stupid (and the only reason it is ever a "gateway drug"). I mean really, have you ever seen someone smoke some weed and then go rob a store? Weed smokers are more harmless. Half the stuff the doctor gives you is worse.
Hell, some people can barely get to the store high let alone rob it...
MarNuke
Don't ask me. It pisses me off! I haven't been able to get a clear answer about the situation. But then I'm just a software engineer, not the a member of the IS department. Perhaps it was originally configured when the company was really small with no IS staff but somebody who didn't really know what they were doing. Changing IP addressing schemes can be a pain though (I was with a company that went from 192.168.x.x addresses to 10.x.x.x addresses), so there's probably some inertia to overcome first.
I've heard that analogy before, and *plo ease* stop it. No it is not the same as trying if someone forgot to lock their door - that would be the actual exploit, if anything...
When is a port scan a port scan ? If I scan one port ? two ? ten ? If I connect to a machine on port 80, I expect to get the web-server - but it is a one-port "scan" as well. Is that leagal ? What if I follow a link from somewhere that points to http://yourhost.com:81/, but you never had a web server running at port 81 ? Am I a burgler ?
Give up the ghost-hunting, and let's focus on the real issues... If you log a port scan, you're wise to keep an eye on that IP. But nothing happened yet, and maybe nothing will.
If I walk by your house looking at your front door, maybe you'll be wise to keep an eye out for me next time. But if you come after me on those grounds alone, the law is on my side.
It is wise to use logged port-scans to focus your detective work, but attempting to act on them alone is ridiculous. It is very simply *just*not*good*enough*.
Mattel continued with a baseless libel lawsuit, even though their own attorney admitted that I believed what I published. When a judge asked them what was libelous, Mattel moved to dismiss. Mattel is the one who tried to shake me down, Mattel tried to shake down others. Mattel has over 130 cases in only one of Federal courts; Mattel has 10 pages of cases (1 line per case) in the LA superior court. Are you saying my lawsuit against Mattel is abusing the courts more than Mattel abuses the court?
Why don't you check the facts before you jump to conclusions.
Fight Spammers!
Which would really truly suck ass. It would make me have to switch ISPs.
I often use my hom emachines to port scan machines that I have on other networks to see what can get through, what is running etc. Port scanners are GREAT tools.
Sure, its nothing that can't be culled from netstat and other things, but port scanning is fast and effective. It also is great for testing ipchains rules etc to block port access.
Besides... port scanning is not malicous. Sure, it is often a prelude to an attack, but it is not, itself an attack.
Port scanning is just a useful tool. If you don't want people using a service, then don't set it up so that the entire world can access it. If you don't want people connecting to a port, then don't run anything on that port, or block it off with ipchains rules.
If its available to the world, then assume that it is public...because it is. I mean really... looking in the window of your car is a prelude to stealing your stereo... but does that mean we should outlaw looking in through the windows of parked cars?
-Steve
"I opened my eyes, and everything went dark again"
I love the irony in this, you call me an idiot then argue FOR my point. =) I probably worded my post badly (I was in a rush to finish it before going out to lunch), but you pretty much summed up what I intended to say (I have a bad tendency to beat around the bush). The only part I argue with is that observation isn't the same as "free as in speech." It's a personal decision whether to look at another person's house or not. There's no personal decision as to whether you're allowed to express yourself as speech (I suppose you could mentally censor yourself before talking, but that's another topic for another time). People put in windows so that they can see out, but they still want privacy so they tells others not to look in or install blinds. It's exactly the same freedom as distributing music on CD, so that people can buy it and you earn money, and then applying encryption or telling people not to make copies. It's not like free as in speech because you don't have the right to push aside blinds and look in anyway.
Inheritance is the sincerest form of nepotism.
Ah, the "three pings and you're out" approach.
The judge is calling a legitimate and fair usage of the Internet and its resources a crime because it may impair other's ability to use the same resources. In all actuality, normal Internet traffic does precisely what this judge says port scanning does.
So I should be held accountable for the cost of the bandwidth of a public server? Hell, no. Of course not.
So, in effect, the senario which this Anonymous Coward puts forth is quite possible. With rulings like this, one could likely be sued for accessing legitimate resources.
nmap www.whitehouse.gov -sS -O -T Normal -vv
aÍÍ©ÍÌÍ£Ì'̽ͩÌÍzÍYÌÍÌY
Does possesion of a tool capable for use in a crime make that possession a crime? Of course not. But, if you walk into a bank with a loaded gun and a ski mask, or if you are caught sneaking around people's houses with a crowbar, I think the police will certainly take a suspicious look at you. Same with repeated and targeted port scanning.
We're treading onto some very thin ice with this subject. I personally use port scanners all the time. But if anybody else on my network is caught using one, then I'm gonna get very suspicious.
No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova
I used to read slashdot all the time, but is there a good reason why they are 2 days behing theregegister.co.uk on almost every story?
...they put illegal to enter someone else's computer even if there's no protection mechanism. They said it's like entering someone's house if the door is open - still a violation of privacy.
It has been stated by the Supreme Court, which also stated that it is illegal to 'stay' in a 'place' (doesn't matter if it's a house or a server) against the will of the owner.
How it can be known for sure that an open server is not for everybody, it's sort of a big deal.. but that was just for info, and perhaps offtopic.
In conclusion, no news about scanning a machine in italy - any other Italian reader up there? Is this of any interest to Slashdot? Maybe we could create a discussion about what is legal/illegal in several countries, and -most important- on what bases.
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
NO, YOU ARE MISTAKEN. Its more like seeing which house in the neighborhood HAVE DOORS. I do not agree with your theory that portscanning is tresspassing of computer hardware. Now, if the person were to portscan and THEN use that information to attempt to hack into a system, then yeah, that should be illegal.
Its people like you who are going to end up getting all books banned because they contain information that could possibly lead to some criminal act.
It is not the legal system that doesn't get it. This is finally someone who see's that portscanning in itself is not the criminal act.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
Traffic jams are not of malicious origin. People didn't set up a jam to annoy you and exploit your car.
Tyler Durden for President!
I'm sorry. At this time I am unable to endorse Mr. Durden for President. As the recent election has shown, Americans have enough difficulty deciding between discrete candidates. To add to the difficulty of Candidate A versus Candidate B, to have an Candidate who is both C AND D at different times, I'm afraid that would confuse the issue too much. So, I reiterate, I cannot, in good conscience, endorse Tyler Durden at this time. Thank you for your attention, we now return to your regularly scheduled flamewar.
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
Jiggling locks = Malign intent
Glancing through Windows = Benign intent
There, nice and simple. Now if only there was a way of knowing the intent of a port scan...
Inheritance is the sincerest form of nepotism.
In some (US) jurisdictions, owning, for example, lock picks without being a licensed blacksmith is a crime. So, in some areas, owning of the tools is as illegal as using them.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Ok, Mr. Wong, what would *you* do if you were awoken in the middle of the night by someone testing the security of your house? Call the police? Throw a lamp?
Blar.
i would surely hope that nobody would make port scanning illeagal, because then theoretically you can consider walking by a dumbass friend's house to make sure he locked it illeagal in a sense too, thank god that he went w/ the people... ...now for my idea, let this guy hear the napster/mp3.com/scour(aww, too late, crap)/etc cases, i used to work holine servers back in the day, and helped get digital music into the mainstream w/ all my buds, and i don't want to see a simple file format get a bad rap and all. Of course, it's not like we are gonna stop if they take down napster/gnutella/cuteMX/etc... oh, and let 'em hear the deCSS case too, hehe =)
-1 Tried to be funny and wasn't
;)
:)
+1 Offtopic, but more interesting than what we're talking about
Actually, I think I deserved the first one.
Finals week. Projects due. Overdue. Homework Avoidance Syndrome.
Actually, project past due, lenient professor, but I still haven't gotten much sleep in the past week.
The enemies of Democracy are
Yes, but you do have the right to walk down the street and peer into windows.
So I guess you've never heard of "peeping toms" being arrested? Where I live, "peeping toms" are not sued (as you say later in your comment), they are arrested.
You have the right to walk up to their door and even try the lock. You can even carry a crowbar while doing it if you wish.
Damn, I'd hate to live where you live, because that's certainly not the case where I live. I had a neighbor that was arrested for almost exactly what you describe (well, he was arrested 3 times actually, once he was caught in the act by another neighbor, once he was caught by someone who happened at home at the house he was trying to break into, and the other for successfully breaking in (they suspected him because of his 2 previous attempts in the same area)).
If a policeman notices you acting suspiciously and want to catch you (as opposed to just stopping you), he will watch you and catch you with the good after you left the premises.
That's because as long as there's no life at stake, it's better to get as much evidence as you can against the perpetrator. That, and actually making sure the person is committing a crime, instead of taking the chance of "jumping the gun".
Notice, that store security doesn't stop shoplifters until after they've left the store. Until they cross the threshold, they are not shoplifting. They may have the intent, but they haven't yet committed the crime.
This analogy doesn't even fit in this discussion. It's perfectly legal to walk around a store with an item prior to paying for it. The crime comes when you leave the store with that item without paying for it. By your use of this analogy, it would be legal to break into someone's home, as long as you didn't steal anything or harm someone (which is definitely not the case).
While I agree with your ultimate statement that port-scanning should not be illegal, your use of analogies in getting to that end statement is flawed at best.
Like I said, personally, I don't think there's much wrong with port-scanning. It's a tool that can be used for both legitimate and criminal purposes. But you can't ban something just because it COULD be used for a criminal purpose (running over someone with a car is definitely a crime, but we don't outlaw cars). As long as a tool has a legitimate purpose, then it's existence is justified.
Last night my friend got arrested because he went to the local QuickieMart to see if they were open. The lights were on and the store is located on public property, but the store was closed. Nevertheless, ADT had to spend time trying to figure out whether or not the window was broken. They're about to file a lawsuit for damages arising from their lost time. My friend is still in jail because the police think he must be a criminal, any law-abiding citizen would never have tested the door in the first place.
This is stupid! It's like going out on a playfield and getting hit in the head with a ball and complaining... Then the judge makes balls illegal on the playfield, because "if you get hit in the head occasionally, there might be a chance that whoever hit you might have done it on purpose."
If you make your machine available to the outside world, get ready to be bitch-portscanned! If a portscan on your machine leads to a break-in, then you weren't ready to plug your machine into the internet anyway. Deal with it.
It's funny that I see these judges making firm decisions over such deep matters, after just a couple of days of "research," previous to which they thought that Internet was a town in Kansas... Stupid!
--------------
--------------
$_='hfflbwfsbhfzp vs';s/(^.{4})(.{7 })(.+$)/$3 $2 $1/
I propose "Free as in cable" (You can hook up multiple cable ready TVs to cable splitters to get cable recption on all of the TVs, at least where I live, I no longer do it myself, but I used to). The concept being you've paid someone else for something, and you can get another copy with your own effort, but the source of the good/service doesn't want you to/doesn't want you to know that you can. It's not the same as "Free as in speech," it has nothing do with innalienable rights. Nor "Free as in beer," it's not possible to get two pitchers out of one (barring free refills). "Free as in cable" represents something where you're able to get more out of something than the provider wants you to, and the only way they can stop you is by the provider saying that you can't do it.
This applies to the story in that you CAN port scan someone, but they may want you not to do it. You've paid for the use of an internet connection, and can do more than someone else may want you to with it. Free as in cable applies also to the analogies people have been offering of looking at someone's house through the windows. If they don't draw the curtains (or blinds), you can look inside from a distance without, but they may not want you to. You may just be admiring the new wallpaper your neighbor put in, but you may also be looking to see what the combination to the wall safe is.
Theoretically you could bar your windows all the time, but you lose the convenience of watching a thunderstorm from inside, or letting a breeze in on a hot day. Saying that someone isn't allowed to look in through your windows to stop them only works if the that someone obeys your request. They're still free (as in cable) to look in. It's the price we pay for living.
Inheritance is the sincerest form of nepotism.
Some expenses are a necessity and are the responsibitily accepted under the circumstances. People may use your restroom in your restaurant, but you can't charge for it and you can't deny access to it from the public. It is an accepted expense, whether or not it is used.
---
seumas.com
Just because you never detected a breakin does not mean you have'nt been broken into. So you know every service open on your large network? Lets say 3000 machines? So your saying you have hand setup, configured and installed each and every machine on that network? There is no possible way that anyone could have enabled a service you dont know about? Every single machine has been patched and audited for security holes? For every version, architechture out there?
I am amazed.
Microsoft aggravates my tourettes syndrome.
But, if you're running a port scanner, then you'd be walking up to windows and doors and tapping on them, checking to find those that were open and/or unlocked.
Running a sniffer isn't illegal (but it's fun to watch what your neighbors on the cable modem are doing).
No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova
Gee. I day in the week of a Network Admin.. I want some cash too, for every bleepin' time somebody has 'knocked' on my servers' doors.
It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.
...of the network." I don't think it should be against the law to look around in that way either. Scanning a network / wandering around looking suspicious may make you look a little suspect, but it doesn't make you a criminal. That requires more direct action on your part.
I disagree. I think this is more like walking into a convenience store and looking around to see if there are any cameras or cops before you decide to take part in a five finger discount or a full scale robbery or just because you're curious. Although the action you intent to take after casing the joint is illegal, looking around isn't what "impair[s] the integrity
As a "good service provider", checking out potential problems should be the normal duty, not something that you claim as damage.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
This is a Yahoo article about the Supreme Court ruling in Norway in 1999, which resulted in it being legal to virtually try to break into anyone's system, it becomes illegal first when you manage to break into someone's system!
Thursday December 24 12:40 PM ET
European court clears way for hackers
By Christopher Jones
SAN FRANCISCO (Wired) - In a decision that sets a precedent in the realm of hacking, the Norwegian supreme court ruled last week that probing computer networks linked to the Internet is not illegal.
The University of Oslo charged a private security-software company, Norman Data Defense Systems, with attempted break-ins and disruptions on machines linked to its computer network. Norman Data conducted the network probes in 1995 on behalf of a Norwegian public news network, which was filming a program about the Internet and wanted to demonstrate the inner workings of open systems and the pitfalls therein.
"The essence of the ruling is that if you want to join the Internet, you have to assure that you're protected," said Gunnel Wullstein, president and CEO of Norman Data Security. "If you don't want to be visited, close your ports."
The case also illustrates the fine line between hackers and crackers. The former describes those who merely want to explore computer systems, while the latter refers to intruders with malicious intent. They exploit networks using specialized tools and tricks of the trade, including unauthorized access operations.
During the experiment, the company's engineers used finger commands to find out which users were logged on to the university's machines and information related to their session. They used telnet - a remote login command - to verify email addresses on the university's mail port. They also ran scans to see if any ports were open.
The University of Oslo could not be contacted in time for this story.
One of the engineers involved in the experiment, who asked not to be identified, stressed that all of these operations are based on open protocols and were not designed to break into systems. Rather, the test was done to show what information is freely available from machines hooked to the Internet. During the experiment, he said, no user IDs or other such information was retrieved.
"We wanted to help the news service tell the world that when you surf you leave your IP address all over the place, especially if you use the same machine," said the engineer. "This information can be used to find out quite a bit about you."
Hackers and crackers will often use commercial port-scanning tools, or war dialers, as a way to identify easy entries into computer networks. Norman Data said it only limited port scans and found no open ports during the experiment.
"I would say that it's not hacking to show if you go on the Internet, you expose yourself," said Wullstein. "It is up to you to decide which part you want to be exposed and which you do not."
When an Oslo court first ruled in the case, it found the company guilty of an attempted break-in on a computer network and misuse of other people's machine resources, causing inconvenience. Both charges carried a steep fine, and the company was also ordered to pay for repairs to the university's network. After Norman appealed the decision, a district court overturned the more serious break-in charge, but upheld the misuse charge.
In Tuesday's supreme court decision, however, the engineer and the company were cleared on both charges.
"This is very principal, the first time the supreme court has taken a standpoint in a case like this," said Frode Pedersen, news editor at Aftenposten, a daily newspaper in Oslo. "The high court said that if you have a service on the Internet not directly protected, you have to stand for people searching for security holes."
Doesn't this set precedent though? Or are you saying that precedent is only set in appeals courts or higher?
I know a couple of the VC3 guys...they're not idiots.
It wasn't just a port scan. It was multiple port scans and ping floods. When the guy was contacted, he claimed he was doing these "security scans" (since when does a ping flood tell you anything about the security of a remote network?) on the behalf of the client.
VC3 didn't try to bring criminal charges against him. VC3 simply notified their client that he was doing this and said he was doing it for them. The client proceeded with the criminal charges. The guy then sued VC3 basically because VC3 did what any good company should do...they informed their clients.
"But, if you're running a port scanner, then you'd be walking up to windows and doors and tapping on them, checking to find those that were open and/or unlocked."
Sometimes I think that people tend to forget the difference between an analogy and a direct parallel.
What if you stood in your living room and watched the neighbor's place with binoculars to see if he locked the windows or doors when he went out? In Canada at least, if you're on your own property and not using 'undue means of surveillance' (i.e. IR binoculars, etc.) then this is legal.
And yet, you're still scoping out the neighbor's place for a possible illegal action.
Regardless, it should be pretty obvious how things should be: Legitimate use of legitimate tools should be legal and accepted. Questionable or illegal use of tools should be punished, but it's the specific behaviour that's getting censured here--not the tool or the mere use of the tool.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Until the burglar enters the house, surely it's just trespassing, which where I come from is a civil and not criminal offence.
Oh god yes I love that movie. Of course, I think that the government and the oil cartels are in on it together. After all, why wouldn't the oil companies want to get in on a conspiracy that pours more money into their pockets?
------------
I wouldn't even take port scanning as seriously as this. I see it as being more akin to looking around in the convenience store and seeing which of the usual convenience store products they offer. Perhaps one store offers only Pepsi products while others in the same neighborhood offer Coke products as well while some others also offer beer. However, sales of beer are restricted and identification must be presented to access beer. Does this make it wrong to enter sever stores in a neighborhood and notice if or if not they offer beer for sale?
_____________
I don't want free as in beer. I just want free beer.
Port scanning a system is directly analogous to trying the locks on someones home.
It is not free speech, it's a violation of property rights.
You do not have the right to use anyone elses computer hardware for any purpose without permission.
Yes, but you do have the right to walk down the street and peer into windows. You have the right to walk up to their door and even try the lock. You can even carry a crowbar while doing it if you wish. The police don't have anything against you until you enter the premises and leave with something. If you just enter and leave, they still don't have anything on you unless there were no tresspassing signs up. There are 'breaking and entering violations', but no 'entering' violations that I know of.
If a policeman notices you acting suspiciously and want to catch you (as opposed to just stopping you), he will watch you and catch you with the good after you left the premises. Notice, that store security doesn't stop shoplifters until after they've left the store. Until they cross the threshold, they are not shoplifting. They may have the intent, but they haven't yet committed the crime.
Servers on the public network are like window displays. You can't set up a server for everyone to see and then sue people for looking at it, just like you can't sue people for crossing your yard and looking in the window.
Course, I did hear of one case where a man looks through a window from the street and sees a woman dressing. She sues him for being a peeping tom, and he countered sued her for public exposure. They both won...
The contractor was in the wrong and deserved to be fired. If he had recieved permission to scan the network, it would have been another matter entirely, but acting on his own was wrong and should have been illegal.
The man was installing a network component. Are security tests not to be included as part of a system test? If the network was later successfully attacked and it was disclosed that the installation contractor hadn't done the barest minimum security checks, wouln't he be held liable for negligence? In my view, not only were his actions ethical, they were prudent.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Good, now my ISP won't give me any shit about it.
M$ stock dropped in 1/2 since last year. If you are a MCSE, you will be broke.
I know there are countless analogies to portscanning. The one I usually make is walking around a mall parking lot, looking inside cars to see if the keys are still in the ignition.
You're not going to steal the car, but perhaps if you see the owner of the car, you may alert him of the condition. More likely though, you have no idea whose car it is, just that it's ripe for stealing.
Praying for the end of your wide-awake nightmare.
What you meant to say was that no one who was careless has ever broken into your systems. It is inevitable that a large company with an Internet presence is going to be hacked at one time or another.
There are new exploits found everyday. If you don't need to portscan your network to know it's secure, good for you. Other people aren't so confident. Also, it seems to me that being so confident in yourself is a Bad Thing(tm). I'm not saying that a system admin should doubt himself*, but it does seem important for them to have the humility to accept that he is probably not the best in the world, and that someone out there who knows more than him.
The real question is who will hack you, and how prepared you are to minimize downtime, if any.
* For grammatical correctness I say "himself/he", but if you would be so kind as to read it as "him or herself" and "he or she" I'd be ever so thankful. ;)
karma is for the weak >)
(eom)
Blar.
It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.
Not at all, because opening a door to a stranger's house is clearly a crime. Opening a tcp connection to a stranger's web server is something that we do thousands of times a day. If you're not running a public service, you shouldn't be on the internet, you should be behind a firewall.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
I think what's going to happen with computers is that the owners will eventually be required to insure their computers are secure - much like with other possessions.
Since everyone is throwing around analogies, if you have, say, a trampoline in your yard, it must be secured so that a child cannot simply walk up to it and get on. It is called an attractive nuisance, and if someone is injured on it you would be sued by the kid's parents. Same with a computer. If you put up a web server you must secure it or expect that someone is going to crack it.
> The only people who use port scanners are script kiddies and hackers.
I used a portscanner this morning on our internal network. The problem was, we have no domain names and I had forgotten the IP of the machine i was looking for, but I know roughly which ports were open. Scanning quickly found it for me.
Okay, this was on a private network so its an entirely different matter, but it helps illustrate my point which is this: Just because SOME people (ie, you) can't think of a legitimate use for a tool and you CAN think of a bad use, doesn't mean it is a bad tool.
I would also add that (mainstream & non-techie) people are more likely to have heard of all the bad and evil things that can happen with these tools, and unlikely to have heard of legitimate uses. This is simply bacause legitimate use of what is after all an incredibly dull piece of software does not make interesting reading. Talk of hacking, cracking, e-fraud, espionage, etc. sells papers and increases page hits.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Well, no. That was a Federal Court that made that ruling, it is just housed in Georgia. U.S. District Courts are federal.
Whether or not the door opens is irrelevant. The only way a crime is committed is if I step through that doorway.
Portscanning is exactly the same.
The only difference is that in the real world, it's pretty hard to stop someone from coming back to check your doorknob every day. While, with a portscanner, it's pretty easy for a competent admin to automagically block out an IP (or ranges of them) after just one "offence".
--
You are right to be suspicious, and any good admin will investigate. However, it makes perfect sense that you shouldn't be able to sue the scanner for the time you lost investigating it.
Actually, the case is still quite valuable, especially in Georgia courts, as precedent. Judges hate to make wrong decisions or decisions that will be overturned. One of the ways they have of knowing they're not the only ones to interpret something a certain way is precedent. While precedent means much less in an appeals court, it does factor in there.
You are correct, however, in distinguishing the use of a single port scan versus high-frequency, repeated port scans that could cause a DoS. These would probably not be upheld as legal. What would be difficult to call is what the decision would be if there were multiple, unconnected portscans resulting in a DoS, as if a bunch of random people just decided to do it all at once for whatever reason, with no prior knowledge of the others activities.
What a load of crap. The internet is a public network. If you think you can control what is on the public side you are fucked. Locks keep honest people honest. Now if you are getting port scanning from the private side you have bigger problems.
My ISPs newsgroup (sympatico.highspeed) is full of people whining about hack attempts. I get the impression that this is the tip of the iceberg and that there are a lot of people living in fear, and also many more who report them to the ISP (wasting their resources). I would suggest that most of the time these are just false alarms and caused by the background noise of the internet.
How often have you typed an IP address incorrectly? My office uses public IP addresses internally. Thie means that if the VPN isn't connected, my Netbios, Visual Source Safe, SQL Server Enterprise Manager, etc, are all attempting to make connections to machines on the internet. All harmless, but will trigger warnings from many people's firewall software.
These companies producing this firewall software base their marketting on people's fear of the unknown, and in fact increase their fear of being hacked. Just the other day somebody was whining on the newsgroup about a connection attempt on port 7 (ping). He thought he was being hacked and wanted to know where he should report it.
You can read more about it here.
Snicker.
I didn't say anything.
--
Sheesh, evil *and* a jerk. -- Jade
"It is a greater offense to steal men's labor, than their clothes"
That would be the same as me having a cable modem and a home network, but only having one computer with a public IP. Why your company has IS and no Firewall is beyond me(a firewall would stop outgoing/incoming request on ports 137-139 at the very least.) Anything less would be called useless, like those personal firewalls.
Admins and their managers are going to have to face up to the fact that if they want to maintain a secure system, they'll have to be vigillant and won't be able to sue everyone for their time.
A trial level court decision does not mean much, except to the parties, until there is an appeals court rules on it (or denies to rule on it, sometimes).
The issue on port scanning will come back again. It will be decided on frequency, and by whom. If you try repeated times on the same system, or using kiddie scripts it will be ruled against you.
Fight Spammers!
So, if you're running a webserver, someone can send regular old HTTP requests to that port, but no one can send anything else to the port? How about ping? Would you let someone ping your webserver?
Check out the laws on "tresspass", "prowling" and "possession of burglary tools." Go ahead and try walking up to someone's door with a crowbar while a cop is watching you and see what happens.
For the state of Washington, we have the following:
RCW 9A.52.060 Making or having burglar tools.
(1) Every person who shall make or mend or cause to be made or mended, or have in his possession, any engine, machine, tool, false key, pick lock, bit, nippers, or implement adapted, designed, or commonly used for the commission of burglary under circumstances evincing an intent to use or employ, or allow the same to be used or employed in the commission of a burglary, or knowing that the same is intended to be so used, shall be guilty of making or having burglar tools.
(2) Making or having burglar tools is a gross misdemeanor.
Also, the law against tresspass is the following:
RCW 9A.52.070 Criminal trespass in the first degree.
(1) A person is guilty of criminal trespass in the first degree if he knowingly enters or remains unlawfully in a building.
The defenses against tresspassing do not include "not having a sign up":
RCW 9A.52.090 Criminal trespass -- Defenses.
In any prosecution under RCW 9A.52.070 and 9A.52.080, it is a defense that:
(1) A building involved in an offense under RCW 9A.52.070 was abandoned; or
(2) The premises were at the time open to members of the public and the actor complied with all lawful conditions imposed on access to or remaining in the premises; or
(3) The actor reasonably believed that the owner of the premises, or other person empowered to license access thereto, would have licensed him to enter or remain; or
(4) The actor was attempting to serve legal process which includes any document required or allowed to be served upon persons or property, by any statute, rule, ordinance, regulation, or court order, excluding delivery by the mails of the United States. This defense applies only if the actor did not enter into a private residence or other building not open to the public and the entry onto the premises was reasonable and necessary for service of the legal process.
John
John
but what about DOS attacks? Aren't they illegal?
Perhaps someone else knows the answer to this but:
When does a portscan (which usually is a fast connection to most open ports on a machine) become a DOS attack? Let's say I have DSL, and my victim, er, test subject has a dialup, and I portscan him (or look at his windows as some here would see it) is that not wrong? If portscanning is just looking, then why can 'just looking' congest a dial-up users's network connection (which they are paying for)?? I do realize that portscans last for only a few seconds but it is still using their resources without their permission.
It would be a different story if portscans were passive, but they are active and could be considered DOS attacks.
Why do I keep typing pythong?
Apparently he wasn't obvious enough... Still, he managed to get modd'd "funny", so at least some moderator had a clue.
The enemies of Democracy are
Last week, I portscanned impop.bellatlantic.net. Verizon, formerly Bell Atlantic, hosts our mail and were having problems. The week before that, I did a portscan on my firewall when I was bringing our DNS in house. Good thing I did, I had opened up tcp instead of udp. This, like so many other things, is not a black and white issue. If I were to portscan slashdot with no good reason, OK, I can see why someone might be upset. If I were to then attempt to do more serious detection, sending packets to see how they return to tell the host type, try to run dos's etc. Then I am begining to cross the line. It's the intent of the person that does something that makes it illegal. If I have a locksmith kit and I lock my keys in the car, it's 100% ok to use it. If I left locked my keys in my car and decide to take your car it's not. This is a good ruling, one cannot make something illegal simply because the possibility of doing harm exists, one must make the doing of harm with something illegal. just my $0.02, niku2000@hushmail.com
So am I correct in assuming that you also do not see locking one's doors as something that should be acceptable for folks like you to do?
have a day,
-l
No, port scanning is not analogous to trying someone's locks...that would be running scripts, etc. that attempt to exploit vulnerabilities in the software that's actually listening on a given port. Port scanning is more analogous to driving by a house and looking at the doors/windows...that's all. If you don't want to be scanned...DON'T PUT YOUR MACHINE ON THE PUBLIC INTERNET. It's going to happen.
- Mirio
>> I know my systems are secure.
That's nice. How did you come by this confidence?
I've got firewall scripts that I trust, too.
But that trust was gained through testing, and
a portscanner was a handy tool at the time.
This is probably the very tip of a fairly huge iceberg. This company VC3's security staff are no doubt representative of the kind of cheap labor that companies are looking for these days. Hence they are perhaps not as competent in their work as network administrator should be. Anyone can detect a port scan. The point is to have your ducks in a line when the script kiddies come knocking, not to defame some poor guy who happened to knock inadvertently while in the line of duty. It is interesting to see this kind of case in a U.S. district court, though. I mean, 5 years ago, wouldn't it have sounded strange? "Judge rules that port scans are legal" It's eerie how quickly the courts are brought into the melee.
Trying to play with analogies is bad, but this one needs to be cleared up.
Port scanning can only tell you what ports are open. You need more tools to 'abuse' those open ports to gain access to the system, and further tools to actually damange the system.
The analogy should be that port scanning is simply looking at a home and counting the doors and windows. "Hmm, they don't have a door in the back of the house" is equivalent to saying "they're don't have port 23 open". Attempting to connect to that port to see what exploits might be possible is comparable to checking a door on a house to see if it's unlocked. The final step, abusing that exploit, is then compariable to the 'breaking and entering' crime.
Port Scanning should certianly not be a crime based on this analogy, but again, analogies are bad things to start with. :-)
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
No, you're looking to see if the door(port) is open or not.
Port scanning a system is directly analogous to trying the locks on someones home. It is not free speech, it's a violation of property rights.
No, that stupid tired analogy is not even close to correct. Port scanning allows you to discover what services a machine is running. It doesn't test the security of those services, it merely detects their presence. The "trying the locks" analogy would work if the scanner, having discovered that a service is running, then tried a combination of usernames and passwords to actually gain access to the system. But this guy did no such thing.
As for the particulars in this case... This person was hired to secure his client's network. A reasonable part of that duty is to see what machines are connected to the network and see what services they are running to assess potential vulnerabilities. It's completely clear that this person did not have any hostile intent in doing this, and on the other hand he would have been seriously remiss in his duties had he NOT assessed the network for potential security breaches.
I cannot believe that that my so-called "peers" get a wild hair up their ass because someone scanned their network.
I definitely do not want to assume but every "admin" that I have talk to that think that port scanning should be illegal does not have the slightest clue on hardening networks and servers.
I have also notice that these same admins are NT admins. Coincidence?
ChozSun
ChozSun.com
I disagree. Its more like counting the doors. An attempt to open a door is a different story, but thats beyond a port scan. Besides, I bet that the majority of /. users have run an 'illegal' port scan more than a few times, even in the last year. In that case, we had better toss all you geeks in the slammer.
However, if through the use of a port scanner, a script kiddie finds a weakness in one of your web servers and proceeds to take down your network, then I think it does "impair the integrity nor availability of the network."
It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.
I use portscanning tools all the time on my own network. However, I'll be damned if I'm gonna sit back and let some 12 year old with some software downloaded from Tucows identify every machine in my network and what ports they're using.
Never had it happen though, that's what the firewall's for.
No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova
Thank god that the judge did not buy the standard comp-sec firm talk that a scan is the same thing as a hack attempt.
Over here (Sweden) there have been lots of whining lately from the security firms suggesting that all broadband users should buy their firewall to avoid the hundreds of hack attempts every day.
Now how a badly configured firewall would help I do not know.
To me it seems that security firms have some of the worst security of all internet sites.
GO EEYE!
Consider an admin at a university who has several machines distributed over the campus and where the campus does not have any firewalls due to the intractabile political problems involved with the networking department imposing firewall rules on researchers. If that admin cannot afford to buy a firewall for every single one of those boxes, and the OS provides no packetfiltering functionality (Tru64 Unix does not have this, and there's no freely available packetfilter utility for Tru64 like ipf), then the admin cannot firewall ports on the machines. And if the admin needs to run RPC services (e.g. nfsd) or other services which don't have access controls, and which the admin does not have source access to, then how is the admin supposed to close those ports?
I've been in that situation before, and I can state that those open ports were open only because I hadn't yet figured out how to close them. They were not "public" they were not "invitations" and I certainly didn't want you portscanning them.
A port scan is not necessarily an attempt to subvert a system. It can be a sympton of mere curiousity, wanting to get a fingerprint to satisfy ones wonder as to what OS a particular system is running. In that sense, it's not really that different then running a traceroute.
---
man sig
---
the pen is mightier then the sword. the sword is mightier then the court. the court is mightier then the pen.
One problem with your argument, though I symapthise
By your own acknowledgment you knew you were leaving these ports open and were only failing to close them due to politics. The unfortunate fact is that you should have either taken the machines off the net OR did as you did and face the consequences. You placed these machines onto the internet and in doing so placed every open port onto the internet. What this judgement correctly states is that this action provides permission for anyone to see which ports you have placed on the internet. The judgement does not say that because this port is there you are allowed to do what you want with it, to my mind someone could however have gone as far as to mount your open drive and run an ls or two (discovering that this is not in fact a port left open for anyone to usefully use)...but if they started lookin at anything let alone modifying it.....
Again I sympathise with anyone in such a situation (and BTW I have never used a portscan except on my own computers) BUT I fail to see any proof in your counter argument....
Never underestimate the dark side of the Source
well, standing on the sidewalk and looking at your neighbors door isn't illegal.
This could become quite interessting IMHO. So far I've seen very little 3l33t script kiddies who could also show any clue or even some knowledge of what they are doing. I could be wrong here but afaik the script kiddies are the ones scanning the most; they only need to know if a certain port is open so they can try out a program which will try to abuse the port. A real hacker would be more interessted in security flaws and bugs in software (remember the apache exploit a few months ago?).
SO... As far as I can see; What we may expierience here are a lot of narrow minded people who start out scanning hoping to find nasty exploitable ports feeling quite safe. And when they do in another state or country this could turn out to be very nasty. I'm not saying that this will happen, but I'm sure it could happen.
Ok, this is just a pet peeve of mine, but why does everyone keep coming up with these analogies? Computers and the internet are a new system, and are not really analogous to anything. I only mention this because it seems that 3/4ths of the comments on any security-related story are "It's like counting the windows", "No, its like trying the doorknob", "No, its like breaking the window", etc... I think the analogies are meant to make it easier to understand the issue, but they just make it more confusing.
My 2 damn cents.
-zmn
It is - of course - a conspiracy by the government to keep people literally in line. As long as you're in your car, you can't bomb buildings or perform other means of attacking national security. You can't even escape. You're trapped! And at the same time, you're spending money (on gas), i.e. you'll contribute to the US economy.
And IF you realize this conspiracy and try to escape your jail, you'll end up dead - see Falling Down for details.
I would not consider port scanning to be like actually trying locks. It is in fact the least intrusive method possible to determine whether or not a machine is offering services to the public. In this way, it's more like walking down a street looking to see which buildings have open doors and welcome mats.
Here's a real world example I just came across at work. Part of our address range is in use by a high school. It seems that one of their computers decided to scan for FTP ports on a whole lot of addresses. I don't know if it was a student doing it or if the machine was hacked first. But, do you think this is "a violation of property rights"? For someone to go out and ask machines on the internet if they allow anonymous FTP access?
I agree completely that if someone is doing things which can only be viewed as a hacking attempt such as scanning for ports with commonly known vulnerabilities which are not used for public services, that's a problem. But, if someone is just looking for machines which are allowing anonymous FTP, who cares? This isn't like "trying the locks" at all.
It seems like you have a pretty extreme view of what it means to "use" someone elses computer. Is trying to FTP to a machine something which deserves a stiff penalty? What about a ping? What if I happen to get an arp sent down your DSL line? What about when IIS tries to connect back to web clients to get name information? Is this a criminal act on the part of Microsoft to engage in illegal tresspass? Did Cable and Wireless give me implicit authorization to send packets thru their router when they connected it to the internet? Did you give me implicit authorization to send packets to your host when you connected it to the internet? Is it my responsibility to intuit that you don't want FTP sessions? Or is it your responsibility to block FTP packets if they are unwelcome?
I log them and put them up on the web for all to see.
vapid.betteros.org
Microsoft aggravates my tourettes syndrome.
Does anyone have any thoughts on whether they would want stealth scanning to also be legal, if connect() scans are legal?
dtach - A tiny program that emulates the detach feat
Thank god someone brought this up. I've read almost the entire thread looking to see if someone would bring this point out
/. disregarded it completely, and the /. community added fire to the FUD.
This was a civil trial. The quote from the attorney was he wouldn't recommend his client not take civil action. This is not a criminial case and does not set criminal precidence. Remember the OJ trial? OJ was aquitted of criminal charges but still lost a civil suit and had to pay damanges. This can work the other way, and may very well do so in this case. The criminal system and the civil system are completely different. I am not a lawyer, but even I knew this. Securityfocus almost addressed this issue,
I'm down with that, as it were
Seriously, try port scanning yourself. You will be AMAZED at what you find. Even just to test out ipchains/iptables rules, I like to scan my machines from both a trusted and untrusted site. Often things will show up that really shouldn't show up. Once you see it, you can easily fix it.
You are only doing yourself a disfavour by being so pig-headed.
- Toby
... or let SAINT handle it all!!!
I was, uh, checking the specs one the end line for the rotary... girder. I'm retarded. - Tommy Boy
ChozSun
ChozSun.com
This makes sense, but i'm sure there will be many "Security experts" here on Slashdot crying like babies because they can't use a port scanner. I say to anyone who claims that they need a port scanner to do their job, Rubbish!
The only people who use port scanners are script kiddies and hackers. A proper sysadmin knows what ports should be open, they don't need a tool like a port scanner to find their security holes.
I am a system admin for a large company in the UK, and I have never detected a sucesful breakin to our systems. I don't go port scanning the systems to "test" them every week. I don't need too, I know my systems are secure.
'Tis nothing but a script kiddie, tapping at my port...
[root@box0r root]# nmap -S 208.47.125.33 -e eth0 -P0 -sS slashdot.org
Beautiful...
The judge got it right. Congratulations.