Slashdot Mirror


Judge Says Port Scanning Is Legal

cvbear0 writes: "SecurityFocus has an article explaining a ruling from a U.S. district court in Georgia about port scanning. The judge ruled that port scanning tools neither "impair the integrity nor availability of the network." Both parties agreed not to appeal the judge's ruling."

79 of 210 comments

  1. Honeynet project by wiredog · · Score: 4

    Trying to submit this, but the slashdot server keeps barfing out error messages:

    The HoneyNet Project, a network of honeypots!

    The Honeynet project is a group of 30 security professionals dedicated to learning the tools, tactics, and motives of the blackhat community and sharing those lessons learned.

    ZDnet report


  2. Re:Woooooot! by Robert+S+Gormley · · Score: 2
    Am I "stealing" your band-width ? No more than mine.

    Difference is YOU choose to use yours. I had no input in your use of mine. I pay for mine. I choose to accept the overhead of PPP/ethernet. I DON'T choose to pay money for you to satisfy your curiosities.

    --

    Open Source. Closed Minds. We are Slashdot.

  3. Re:Intelligence Finally. by Robert+S+Gormley · · Score: 2

    You, or your PC, is the one that addressed them. That "common carrier" thing, remember?

    --

    Open Source. Closed Minds. We are Slashdot.

  4. Re:Intelligence Finally. by bfree · · Score: 2

    /. has finally come to its senses and failed to mod someone down for even considering windows could be secured

    --

    Never underestimate the dark side of the Source

  5. Re:The legal system still doesn't get it... by TrevorB · · Score: 2

    I actually don't mind when someone attempts to find open FTP ports on my system. If someone telnets into my box they get a polite message asking them to go away and never try to access my system again.

    It's the lusers who access 21,22,23,12345,12346,31337 all within 2 seconds, and are probably doing the same to everyone on my B subnet, who really really really piss me off. In a rage, I wrote up Stop the portscanners. Yes, it's pretty ragy, and probably over the top. With this ruling I might change my mind a bit.

    I also wrote a program called antagonizer. It "teletypes a message", typing a character every 100ms, with a Ctrl-G between each character. It's damn annoying to telnet into, crashes IE's ftp, etc. If they try to access 12345, 31337, it tells them to fuck off and start looking for another ISP. I've actually managed to get ISPs to drop users by informing them that one of their users is portscanning. Works maybe 10% of the time.

    In the wake of this ruling, I've been thinking of creating an "eye for an eye" system. If you access port 21 of my system, my machine accesses port 21 of your system, and sends you back the results. Haxor cracks into their own system, logs at 11... Not sure how well it would work for things like ssh, but in theory should work.

    Also thought about a scanning detection or honeypot network, where the results of portscans could be logged or analysed from a single server.
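
The pattern described in the comment above (one source touching ports 21, 22, 23, 12345, 12346 and 31337 within 2 seconds, and repeating that across a subnet) can be separated from a single connection attempt by counting distinct ports and hosts per source inside a short window. This is an added example, not part of the original post and not TrevorB's program; the log format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed sample: "<epoch seconds> <source IP> <destination IP> <destination port>".
# All addresses are from the RFC 5737 documentation ranges; this is not real traffic.
SAMPLE_LOG = """\
1000.00 198.51.100.7 192.0.2.10 21
1000.31 198.51.100.7 192.0.2.10 22
1000.55 198.51.100.7 192.0.2.10 23
1000.90 198.51.100.7 192.0.2.10 12345
1001.20 198.51.100.7 192.0.2.10 12346
1001.64 198.51.100.7 192.0.2.10 31337
1005.00 203.0.113.5 192.0.2.10 21
1300.00 203.0.113.5 192.0.2.10 21
2000.00 203.0.113.99 192.0.2.10 80
2000.40 203.0.113.99 192.0.2.11 80
2000.80 203.0.113.99 192.0.2.12 80
2001.20 203.0.113.99 192.0.2.13 80
garbage line that should be skipped
"""


@dataclass(frozen=True)
class Event:
    ts: float
    src: str
    dst: str
    port: int


def parse(log):
    """Parse the assumed log format, skipping malformed lines, sorted by time."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts, port = float(parts[0]), int(parts[3])
        except ValueError:
            continue
        if not 0 < port < 65536:
            continue
        events.append(Event(ts, parts[1], parts[2], port))
    return sorted(events, key=lambda e: e.ts)


def detect_scans(events, window=2.0, min_ports=5, min_hosts=4):
    """Return {source: {"vertical", "horizontal"}} for sources that look like scanners.

    vertical   = at least min_ports distinct ports on ONE host within `window` seconds
    horizontal = the SAME port on at least min_hosts distinct hosts within `window`
    Sources that only make isolated connection attempts are not reported.
    """
    recent = defaultdict(deque)   # per-source sliding window of events
    findings = defaultdict(set)
    for ev in events:
        q = recent[ev.src]
        q.append(ev)
        # Drop events that have aged out of the window for this source.
        while ev.ts - q[0].ts > window:
            q.popleft()
        ports_on_host = {e.port for e in q if e.dst == ev.dst}
        hosts_on_port = {e.dst for e in q if e.port == ev.port}
        if len(ports_on_host) >= min_ports:
            findings[ev.src].add("vertical")
        if len(hosts_on_port) >= min_hosts:
            findings[ev.src].add("horizontal")
    return dict(findings)


if __name__ == "__main__":
    for src, kinds in sorted(detect_scans(parse(SAMPLE_LOG)).items()):
        print(src, sorted(kinds))
```

The source that connects to port 21 twice, five minutes apart, is not reported. A sweep paced slower than the window is not reported either, so the window and thresholds are tuning choices for whoever reviews the output.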

  6. Re:Intelligence Finally. by jhagler · · Score: 2

    That depends on where you live.

    I know that here in Texas jiggling the door handle would fall under the classification of criminal mischief at night which does justify the use of deadly force. Now whether or not your conscience could handle shooting little Jimmy from next door who just wanted to know if you saw his puppy is a whole other question. The fact is you wouldn't be going to jail.

    --
    Never underestimate the power of human stupidity -RAH
  7. Re:The legal system still doesn't get it... by RuneB · · Score: 2
    > You do not have the right to use anyone else's computer hardware for any purpose without permission.

    I am not sure if this is strictly true. Would it then be illegal to send a single ping to a machine to determine whether it is responding to packets? How about traceroute? When you are using the Internet, you are using a lot of other people's hardware without having explicit permission (i.e. routers, backbone providers, and so forth).

    It seems to me that by placing a machine on the Internet, and running public services, you are implicitly granting permission for people to use it for some purposes. (If the machine is also implicitly running a public service, i.e. a router, implicit permission is also granted, IMHO)

    --
    dtach - A tiny program that emulates the detach feat
  8. Re:Intelligence Finally. by Robert+S+Gormley · · Score: 2

    I think you're trying to park in his driveway, not on the public road.

    --

    Open Source. Closed Minds. We are Slashdot.

  9. Sensible decision: no other way in TCP/IP by Morgaine · · Score: 2

    Well said.

    The only way people have of knowing whether your servers offer particular network services is by trying a connection. TCP/IP offers no other way. When you're on the main high-street of the Internet (ie. directly connected), it must be expected, because there is no other way for people on the street to know what services you're offering.

    In contrast, if your servers are not intended to be "on the main high street" and you don't want people to know what services they provide, then firewall them off --- this makes them private property, off-limits to the high-street wanderer.

    The continuous rain of port scans on the Internet is irrelevant to any sysadmin that structures systems properly into public and private parts. Yes, testing for open ports is often performed during crack attempts, just like looking is often performed during burglary, but if you want to know what's around you then you cannot avoid doing either of these. The technology offers no other way.

    If you don't want street wanderers looking at your establishment and walking in through any doors that you've left open, put it behind a wall, and silently drop all packets that fail your access policy. To complain about port scans is to misunderstand the limits of TCP/IP.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  10. Nice Wording by max99ted · · Score: 4
    If someone came by in the middle of the night to check my knob...

    Do I need to elaborate?

    --

    Please stop APK.. you're only hurting yourself.

  11. Re:The legal system still doesn't get it... by bfree · · Score: 3

    If you connect your computer to the Internet and it is assigned an IP address, then it is potentially offering an infinite (or is it 65536 or ....) number of ports to the public internet. Each and every port you connect to the internet becomes part of the shared public network, just as you assume that people who you have never met, dealt with or heard of will route your packets you are offering these connected ports. If someone port scans your computer, they are portscanning a public IP address (or else you are behind a firewall and should be asking questions of the provider). TCP/IP does not (that I know of) provide a DNS like system to say which ports are useful on each IP so using a port-scanner is the only way to find out what you are usefully offering. How am I meant to know what services you are providing on your public part of the public internet (let's make a public and private net addressing system to say that your system is different if you don't accept this)?

    --

    Never underestimate the dark side of the Source

  12. bad analogies. by ruin · · Score: 4
    Port scanning is not like walking by someone's house and looking at the windows. Port scanning is not like testing all the doors on someone's house for an unlocked one. Port scanning is not like wandering through someone's house poking at their stuff. Port scanning is like... sending a request to commonly used ports of a computer to see what software is replying.

    Simply choosing whatever real-world analogy best supports the position of port scanning is good/bad is a faulty argument. Why not discuss the topic in terms of the actual result of the actual action we are talking about? Port scanning does no real harm right off the bat. On the other hand, it is impolite to do, because now the admins of the box you scanned have to worry about what your intentions are. So going around portscanning strangers just for fun is kind of a bad thing, but not so bad that no one should ever use such a piece of software, especially since it is so educational.

    And that's my take. Sure, if I put on my security admin hat, I don't want anyone ever doing any port scanning, because it makes my job a lot easier: anyone scanning my box is an enemy. On the other hand, if I put on my student hat, how am I ever going to learn things if the most educational tools are seen as dangerous and disallowed?

    -- "Just the superficial sort of [analogy] someone grounded too far in 'reality' would think up. TURN UP THE FEED, YOU WIGGLY MEAT THINGS! THIS IS THE NET! NOTHING'S REAL!" --Rache Bartmoss


    --
    share and enjoy
  13. Woooooot! by Ashran · · Score: 2

    Kewl, now are all the 3l33t script kiddies on the secure site!
    And who pays for the bandwidth?? Some people don't have flat fees.

    --

    Before you email me, remember: "There is no god!"
    1. Re:Woooooot! by rob1imo · · Score: 2
      Who pays for all the time and money I waste sitting at red lights or stalled traffic on the freeway?


  14. Already posted? by abischof · · Score: 2
    Gee, haven't I seen this story someplace else before? What is up with the Slashdot editors?

    Alex Bischoff

    --

    Alex Bischoff
    HTML/CSS coder for hire

  15. Intelligence Finally. by --delphi-- · · Score: 5

    Finally we see a little intelligence from our court systems. I mean, I do not do any sort of cracking, but I love to know what people are doing with their boxes. I have port scanned many of the servers around my university just to see what they're running. Port scanning does not hurt the network at all, it just throws a few packets at each port trying to establish a connection and then moves on. When can we schedule this judge to hear the decss case??

    1. Re:Intelligence Finally. by ethereal · · Score: 4

      No, but on the other hand if you're "in public", there's a certain understanding that people will see you, and they may even talk to you or bump into you on the street. None of those things constitute criminal actions.

      Likewise, if you're hooked up to the public network, you can expect to sometimes get packets from other machines. If you don't like the packets, drop them on the floor. If you don't want to waste time doing so, get a firewall (public street example: a Popemobile) and let the firewall drop unwanted packets on the floor.

      There's a difference between attacking your machine, and just port scanning it. I could see allowing prosecution for sending you a virus, or trying to crack one of the services you're running, but a port scan is not the same thing. I don't think you can really complain until your computing resources have actually been misappropriated. If you've just been port scanned (and not flooded) then that hasn't happened yet.

      --

      Your right to not believe: Americans United for Separation of Church and

    2. Re:Intelligence Finally. by Chris+Burke · · Score: 3

      > And while you're at it, rattling all the doors and windows to see if everything's locked. Oh yeah - and let's not forget to check those common hiding places for a spare key. You use a Schlage lock? Cool - I've got a Schlage master key.

      This would be a little more than just a port scan. There's a big difference between seeing if you have Telnet open and trying to brute-force some user accounts. As you say:

      > Mostly harmless, but some real jerks in there.

      You need to be paying attention to the jerks, then, not having a fit whenever a packet hits your server. You're on the net -- it's fine to be mad when someone tries to get into your house, but not when they look at your house as they drive by.

      --

      The enemies of Democracy are
    3. Re:Intelligence Finally. by Chris+Burke · · Score: 2

      If your software thinks a port scan without any attempt to break in has the signature of an "attack", you need to upgrade. A port scan isn't going to give anyone access to your machine, so it isn't an attack. Maybe flag portscans for further observation, but if you have your pager ring every time a harmless packet hits your firewall, you won't get much sleep (and for no good reason).

      --

      The enemies of Democracy are
    4. Re:Intelligence Finally. by osgeek · · Score: 3

      Yeah, let me know when I can wander around your house or apartment looking at stuff.

      I won't hurt anything or take anything, I'll just poke around - I love to know what people are doing. Having sex with your SO? Don't mind me, I was just looking.

    5. Re:Intelligence Finally. by glitch_ · · Score: 2

      Having a port open on your computer is not the same as having an unlocked door. The analogy of port scanning to trying to open up doors does not hold true. And how can you even try to compare port scanning to rape?

    6. Re:Intelligence Finally. by bugg · · Score: 2
      If you've wandered onto their property to "inspect the windows", you're trespassing.

      Portscanning, the way I see it, is a form of trespassing- if I don't want you doing something with my computer, then you shouldn't be allowed to do it. Period. Those are the common-sense laws that we need.

      If you'd like to learn about the services I'm running, ask nicely. That's the only ethical way, as far as I'm concerned, to gather that information remotely.

      I don't know about you, but if I see some guy I don't know (and didn't give permission to) walking around my house with a clipboard inspecting the windows, I'm calling the police.

      --
      -bugg
    7. Re:Intelligence Finally. by Kithraya · · Score: 2

      > No, but on the other hand if you're "in public", there's a certain understanding that people will see you, and they may even talk to you or bump into you on the street. None of those things constitute criminal actions.

      Talking or bumping into is one thing. Looking through your pockets to see what you're carrying is something else. If someone comes up and asks me what time it is, that's fine. If someone comes up and asks me what time it is, what kind of car I drive, where my house is, what type of locks I have on that house, how much money is in my wallet, and where my kids are... well, that's just a hair out of bounds. Not illegal, perhaps, but certainly rude. I see port scanning as the same thing.

      > Likewise, if you're hooked up to the public network, you can expect to sometimes get packets from other machines. If you don't like the

      Getting some packets is one thing, but getting a thousand packets from one guy who's just trying to find information about my machine is (IMHO) something else.

      > There's a difference between attacking your machine, and just port scanning it.

      Attacking isn't even a question -- I think we probably all agree that's deserved some punishment. I guess I just see a port scan as gathering intelligence about a target. In the real world, you hire a security guard to walk around your offices at night and make sure nothing's wrong (scanning your own network). But if some other guy walks in and starts checking stuff out (someone else scanning your network) you're going to be ticked.

      The simple solution is just what you said -- run a firewall. I guess I'm just speaking for more of an idealist standpoint. In an ideal world, I wouldn't need a firewall. And I wouldn't need to lock the door to my house, either. So while we're going to have to live with port scanning, I just don't see it as something that should be acceptable for folks to do to me...

    8. Re:Intelligence Finally. by Alex+Pennace · · Score: 4

      > Yeah, let me know when I can wander around your house or apartment looking at stuff.

      More like wandering by your house and counting the number of windows it has.

    9. Re:Intelligence Finally. by IronChef · · Score: 2


      Depends on what state you shoot in. ;)

      (If I have misremembered any of this I welcome corrections...)

      In CA, you can't shoot someone unless they are outright attacking you, even if they break into your home. You can't shoot at all in defense of a 3rd party. Wife getting stabbed? Tough. Try wrestling with the guy. If he stabs you, you can shoot him.

      In TX and AZ you can blow someone away if they present an immediate threat. In TX you can kill in defense of property, so if you catch someone stealing your car stereo you can waste him. I don't know if that is the case in AZ. In both states you can employ lethal force in defense of a 3rd party.

      In DE you can't use lethal force except as a last resort. If someone breaks into your home and threatens you, or even attacks you, you must FALL BACK, flee your home. You can't shoot unless there is no other alternative, even bad alternatives like running and getting shot in the back, or leaving your family in the house with the bad guy. (That's crazy, IMHO.)

      In WA, where I just moved, I don't know what the law is. I better find out!

      Would I shoot someone for jiggling my door handle? No. But I would be waiting there with a weapon in case he came in. Then, he'd have exactly 1 second to comply with my commands before I issued him a severe case of kinetic energy poisoning.

      If he had a ranged weapon, I'd drop him, laws be damned. Better judged by 12 than carried by 6, as they say.

      (If you are one of those people who wants to go on and on about how I am more unsafe with a gun at home, blah blah blah, please save the effort. You're not converting me.)

    10. Re:Intelligence Finally. by WNight · · Score: 2

      Nah, the only person who sounds unsafe (due to gun) in your house is the someone who opens the door in the middle of the night.

      And you said you'd give them a second (if only one) and/or look for a gun, before shooting, so you're not the type to fire through the door because the knob jiggles.

      I'd imagine, from how you know the laws in the various areas (and those are mostly correct, as I remember them) that you're also practiced in shooting, and probably have ammo specifically selected to not penetrate walls and such.

      On a related note, but not to just you...

      Just because you're in Texas doesn't mean you can shoot someone for jiggling your doorknob at night. You don't know why they're doing it, if they're drunk and at the wrong house that's a murder charge. You might get off, if you could prove that the person was looking to break in, but there are many cases in which they aren't guilty of criminal mischief... Just banging on door (let alone jiggling) to wake people up and run away (a common teenager prank) may violate some noise bylaws, and maybe curfews, and perhaps trespassing in some cases, but there's nothing there that legally justifies a citizen's arrest, let alone shooting the person.

      (If someone walks up your front walk, and doesn't open a gate (marked as to discourage them) or other barrier, it's not trespassing. It's the same way that while a parking lot is owned by a company, it's treated as a public area for the application of most laws, if it's accessible to the public more than a certain amount of the year (and not marked as private, with no public parking...)

      This is so that your neighbor can come over and knock on your door without being guilty of trespassing.

      So, this all boils down to, if you shoot someone for jiggling your doorknob you will be tried for murder and likely convicted, regardless of which state you live in.

      But, this isn't relevant to portscans. Portscans do the minimum they can and still detect a waiting connection. It's more analogous to shining a flashlight on a doorknob, which is just enough to let you know if it exists.

      This *may* be illegal if the police link you to break and enters and can prove that this is how you look for targets, but then this is true of anything. If you open/close your venetian blinds to signal a hitman, you're guilty of conspiracy to commit murder, even though opening the blinds isn't a crime.

    11. Re:Intelligence Finally. by glitch_ · · Score: 3

      I'm sorry, but why on god's good earth would you have ports open, if you don't want people to use them. I'm sorry, but going with the doors and windows analogy, it is like having a door open, with a welcome sign on it, flashing, and then bitching when someone walks in.

    12. Re:Intelligence Finally. by TheCarp · · Score: 2

      > And while you're at it, rattling all the doors
      > and windows to see if everything's locked. Oh
      > yeah - and let's not forget to check those
      > common hiding places for a spare key. You use a
      > Schlage lock? Cool - I've got a Schlage master
      > key.

      Port scanners do one thing...they scan ports. Occasionally, with features like ident lookups and OS detection...but in essence they just scan ports and say what they can about them.

      Tools that actually try to exploit vulnerabilities are a whole 'nother story. A PORT SCANNER just "looks". It doesn't try to actually "Open the window and crawl in" or to "pick the lock". That's a wholly different tool. (the two can be integrated, of course - but I wouldn't call the resulting "automated cracking tool" a "port scanner" any more than I would call a leatherman "a pocket knife").

      > As you might guess, I don't like deliberate
      > portscanners. My network is MY NETWORK. It's
      > here for my convenience, not yours, and I don't
      > particularly appreciate you poking around on
      > my boxes.

      Whether or not you appreciate it, it's going to happen. No amount of whining, complaining, or even legislating is going to stop it.

      All services that a person CAN connect to from the outside should be considered "public". People WILL find them, so they had better be secure.

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    13. Re:Intelligence Finally. by spankenstein · · Score: 2

      Simple solution... If you don't want your box looked at don't put it on the "public" internet.

      Maybe I'm looking at this too simply but that's what makes sense to me.

    14. Re:Intelligence Finally. by Jawbox · · Score: 5

      That analogy works for me. It isn't against the law to look at windows, determine their type and make estimates of their security. It enables you to do things like say, "Wow those are gee-golly neat windows I should get some of those for my house." or "What an idiot, I can't believe that house only is using the XJy9 style of windows, my 10 year old could break into their house and rob them blind."

      None of this is a crime! And a homeowner that watches someone scanning their windows can't sue for damages because they suddenly realize that the security of their windows stinks either. All this ruling does is apply some real world sense to a computer security case.

      Now the earlier post about walking around inside your apartment and looking at all the cool stuff is a false analogy in my eyes. To me that is the equivalent of breaking into a system(or being invited in depending on circumstances) and scanning the filesystem.

    15. Re:Intelligence Finally. by drsoran · · Score: 3

      I don't know about the portscans you see, but the portscans I see are more analogous to someone walking up to your back door in the middle of the night and jiggling the knob to see if it's open. I personally don't care less what your intentions are in the dead of night jiggling my door handle, I'm going to shoot you first and ask questions later. Don't do it.

    16. Re:Intelligence Finally. by spood · · Score: 2

      What a breakthrough! A /. post about intelligence and Windows, yet no mention of m$ or gate$!! There's hope for us after all.

      --
      ---- Just another spud server.
    17. Re:Intelligence Finally. by WNight · · Score: 2

      Trying to connect (specifically, not just in numeric order) to a subseven port is much like actually trying a master key, or trying various root passwords. It shows specific intent to go where you aren't wanted.

      But webservers, ftp servers, telnet, are all ways that you can legitimately access a computer. Connecting, noting a logic message, and disconnecting is just a way of seeing what's out there. As long as no login attempt is made (aside from anonymous FTP) then no attempt is made to gain access to something that is intended to be private.

      There is no good physical metaphor, except maybe knocking. Wandering around looking for doors, knocking when you find them. Jiggling the handle or trying master keys is a whole different story.

    18. Re:Intelligence Finally. by cprael · · Score: 3
      > More like finding a house and going to take a look at it. I just want to find a little bit about it. How it was constructed. Are they using brick or stone, gravel driveway or paved, fence or no fence. Same analogy, are they using linux or bsd(or whatever), webserver or no webserver, ssh or not...

      And while you're at it, rattling all the doors and windows to see if everything's locked. Oh yeah - and let's not forget to check those common hiding places for a spare key. You use a Schlage lock? Cool - I've got a Schlage master key.

      > You may think that this is stupid, but as I said in the post above, I'm just interested in what they're running. I said in my post above that I sometimes scan on my university network. Here's two examples where port scanning has either benefited me or someone else.

      No, it isn't stupid. It's blind. You are (deliberately?) ignoring the malicious uses of portscanning, which far outweigh the useful ones simply in magnitude of effect.

      Example: In the past 11 days, I've had 30 unique machines scan my laptop (at home). Of that count, 1 was a telnet connect attempt, 5 were TCP port probes, 3 were OS fingerprints, 2 were attempts to connect to the SubSeven trojan horse, one was an attempt by a known remailer to connect to a mailserver I run on another box so he can use me as a relay point, 6 were RPC connect attempts, 1 proxy port probe, 2 PCAnywhere connect attempts, 8 people tried to connect to a non-existent FTP server, and 3 people tried to connect to a non-existent DNS server. Mostly harmless, but some real jerks in there. And that's in an 11 day window.

      As you might guess, I don't like deliberate portscanners. My network is MY NETWORK. It's here for my convenience, not yours, and I don't particularly appreciate you poking around on my boxes.

    19. Re:Intelligence Finally. by --delphi-- · · Score: 2

      More like finding a house and going to take a look at it. I just want to find a little bit about it. How it was constructed. Are they using brick or stone, gravel driveway or paved, fence or no fence. Same analogy, are they using linux or bsd(or whatever), webserver or no webserver, ssh or not...

      You may think that this is stupid, but as I said in the post above, I'm just interested in what they're running. I said in my post above that I sometimes scan on my university network. Here's two examples where port scanning has either benefited me or someone else.

      1. I portscanned the mail server here and realized that it is also running a lot more services than the ones I thought. One of these was a webserver. I connected, and learned that I can config my account via the web. Not a bad thing to know because it's all done using an encrypted session. On those times that I don't have an ssh client (such as when I'm at the library), I can still configure my account without having the whole world see it.

      2. When I first met my roommate this year, I decided to scan his computer. Little to his knowledge, someone had put netbus on his computer. I informed him (actually, by playing his computer while he was at it, it was quite funny) and then removed it.

      Case in point. There are many uses of a portscanner. Not every portscan means that the next action of the scanner will be an attack. I'm sure it's a very small percentage.

    20. Re:Intelligence Finally. by brokeninside · · Score: 4
      bugg:
      > I don't know about you, but if I see some guy I don't know (and didn't give permission to) walking around my house with a clipboard inspecting the windows, I'm calling the police.

      I am not a lawyer, but from what little reading of law I've done, in the US in most jurisdictions, the police probably wouldn't even come out to investigate. Only in situations where "No Trespassing" signs are clearly posted or in situations where you have personally informed an individual that you do not want them on your property would the police even care that someone was looking at your windows.

      [I suppose there would be a few other exceptional circumstances such as the property owner having some sort of injunction against the individual doing the inspection or in the case of the person doing the inspection doing it in a manner that attempts to conceal their identity.]

      Connecting a computer to the internet is really more akin to parking an automobile on a public street. It is not illegal (or even necessarily immoral) to examine such a car up close. It is, however, illegal and/or immoral to use the information obtained from such an examination in certain circumstances (such as to pick the lock or hotwire the vehicle). There are also many circumstances where the information comes in helpful. For example, if I see a car with the headlights left on, I will almost always check to see if the door is locked and if it isn't I will turn off the headlights. You can sue me for doing that to your car if you please, but you will lose the suit and you will be laughed out of court by virtually any judge.

      have a day,

      -l

    21. Re:Intelligence Finally. by sjames · · Score: 2

      and how well the windows are secured...

      Only sort of. To fully meet your analogy, the scan would have to include more than seeing if a connection is accepted. For example, test transactions to see what version of the daemon is running.

    22. Re:Intelligence Finally. by sjames · · Score: 2

      > Portscanning, the way I see it, is a form of trespassing- if I don't want you doing something with my computer, then you shouldn't be allowed to do it.

      A port scan and even an attempt to authenticate using a well known public user/pass (such as ftp/email) is more like looking at a house in a zoning area where businesses and residences are intermixed. No harm, no foul. Trying one's keys in the lock in hopes for a random match (guessing at root password) or breaking a window (exploit) would be another matter.

  16. How to avoid problems by Hanzie · · Score: 2

    Moulton probably could have avoided the problems by asking permission to do a port scan first.

    It's interesting that he's still in trouble over the port scan in the first place, this ruling just says that V3 can't claim damages from it.

    --
    ********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
    1. Re:How to avoid problems by Royster · · Score: 2

      Except from the story it appears that he didn't even know that they were on the "secure" 911 network that he was examining.

      --
      I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
  17. The Judge.. by seanmeister · · Score: 5

    Gotta love the judge's name 'Thomas Thrash' - clearly, his h0n0r is a l33t h4x0r.
    Sean

  18. What good does this do? by cluge · · Score: 2
    The consultant still lost his job by doing his job. The "scanned" party's overreaction cost him money that he will never get back. So the judge ruled in his favor, still sucks to be him.

    In the end be VERY careful what you do, because doing what is correct will not always protect you. When we do any security audit/analysis for a company we get a written agreement from them AND their connected networks. Some sysadmins are pretty high strung.

    As one sysadmin put it "I don't like my territory pissed in".

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
  19. Bad analogy: scanning vs. having sex with SO by Morgaine · · Score: 2

    The poster is making an inappropriate analogy when he/she suggests that checking whether a network service is available to the public through the front door on the Internet is equivalent to monitoring sexual activity on private property.

    Unless your humping is intended to be on display on the high street, there is no analogy here at all. Presumably if the sex is with your SO then it's not meant to be public. It would usually be on private property, ie. behind a wall and/or locked doors, so that high-street shoppers don't think you're offering viewing of your bedroom antics as a service.

    Don't forget that TCP/IP offers no other way for people on the net to determine what services you are making available to them: trying to open connections is the only way of finding out what network services are being offered. Protesting about port scans just shows a lack of understanding of the demands and constraints of TCP/IP. Without the ability to open connections to check on services offered, one would be more constrained than a blind shopper on the high street, never knowing which establishments are open and which are closed.

    If you don't want your private resources to be visible to the public, get off the high street by placing your servers on private property, ie. wall them off behind a firewall out of reach of port scans.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  20. No it's not the equivalent... by Oestergaard · · Score: 3

    I've heard that analogy before, and *please* stop it. No it is not the same as trying if someone forgot to lock their door - that would be the actual exploit, if anything...

    When is a port scan a port scan? If I scan one port? Two? Ten? If I connect to a machine on port 80, I expect to get the web-server - but it is a one-port "scan" as well. Is that legal? What if I follow a link from somewhere that points to http://yourhost.com:81/, but you never had a web server running at port 81? Am I a burglar?

    Give up the ghost-hunting, and let's focus on the real issues... If you log a port scan, you're wise to keep an eye on that IP. But nothing happened yet, and maybe nothing will.

    If I walk by your house looking at your front door, maybe you'll be wise to keep an eye out for me next time. But if you come after me on those grounds alone, the law is on my side.

    It is wise to use logged port-scans to focus your detective work, but attempting to act on them alone is ridiculous. It is very simply *just*not*good*enough*.

  21. backwards by www.sorehands.com · · Score: 3
    You have it backwards! Mattel/MSI/TLC violated the law (FMLA/ADA, etc.) and paid a judgment for their violation.

    Mattel continued with a baseless libel lawsuit, even though their own attorney admitted that I believed what I published. When a judge asked them what was libelous, Mattel moved to dismiss. Mattel is the one who tried to shake me down, Mattel tried to shake down others. Mattel has over 130 cases in only one of the Federal courts; Mattel has 10 pages of cases (1 line per case) in the LA superior court. Are you saying my lawsuit against Mattel is abusing the courts more than Mattel abuses the court?

    Why don't you check the facts before you jump to conclusions.

  22. Re:Your ISP can still decree it a TOS violation. by TheCarp · · Score: 2

    Which would really truly suck ass. It would make me have to switch ISPs.

    I often use my home machines to port scan machines that I have on other networks to see what can get through, what is running etc. Port scanners are GREAT tools.

    Sure, it's nothing that can't be culled from netstat and other things, but port scanning is fast and effective. It also is great for testing ipchains rules etc. to block port access.

    Besides... port scanning is not malicious. Sure, it is often a prelude to an attack, but it is not, itself, an attack.

    Port scanning is just a useful tool. If you don't want people using a service, then don't set it up so that the entire world can access it. If you don't want people connecting to a port, then don't run anything on that port, or block it off with ipchains rules.

    If it's available to the world, then assume that it is public...because it is. I mean really... looking in the window of your car is a prelude to stealing your stereo... but does that mean we should outlaw looking in through the windows of parked cars?

    -Steve

    --
    "I opened my eyes, and everything went dark again"
  23. Re:Not law! by Mignon · · Score: 3
    If you try repeated times on the same system ... it will be ruled against you.

    Ah, the "three pings and you're out" approach.

  24. Re:I'm not too sure on this ruling by Flounder · · Score: 3
    I think the weakness itself impairs the integrity of the network, and the taking down of the network to be a crime. The use of the port scanner itself doesn't impair the network.

    Does possession of a tool capable for use in a crime make that possession a crime? Of course not. But, if you walk into a bank with a loaded gun and a ski mask, or if you are caught sneaking around people's houses with a crowbar, I think the police will certainly take a suspicious look at you. Same with repeated and targeted port scanning.

    We're treading onto some very thin ice with this subject. I personally use port scanners all the time. But if anybody else on my network is caught using one, then I'm gonna get very suspicious.

    --

    No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova

  25. Re:Why you'd have a port open... by Jeff+DeMaagd · · Score: 2

    It sounds like a university policy problem compounded by a poor design choice by DEC programmers. That's a lot like renting a building that has a doorway without a door and the owner not permitting you to put a guard there.

    The problem here is bigger than portscanning though. There is little sense of property on the internet as a whole, where people think that "information wants to be free" when information is just a pile of bits with zero will or desire of its own. We have people stealing music, videos, programs, companies spamming us with our own bandwidth and a lot of people running all over thinking they can do what they damn well want to. Just as I'd like to own a house in which I don't need to have a phalanx cannon to ward off intruders, I shouldn't have to be eternally vigilant about a _computer_.

    So in short, I guess there is little sense of accountability on the internet, some feel that the anonymity gives them a right to screw things up for everyone else.

  26. Re:I'm not too sure on this ruling by gmhowell · · Score: 2

    In some (US) jurisdictions, owning, for example, lock picks without being a licensed blacksmith is a crime. So, in some areas, owning of the tools is as illegal as using them.

    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon
  27. Time to add another "Free as in-" to the list by fibonacci8 · · Score: 2

    I propose "Free as in cable" (You can hook up multiple cable ready TVs to cable splitters to get cable reception on all of the TVs, at least where I live, I no longer do it myself, but I used to). The concept being you've paid someone else for something, and you can get another copy with your own effort, but the source of the good/service doesn't want you to/doesn't want you to know that you can. It's not the same as "Free as in speech," it has nothing to do with inalienable rights. Nor "Free as in beer," it's not possible to get two pitchers out of one (barring free refills). "Free as in cable" represents something where you're able to get more out of something than the provider wants you to, and the only way they can stop you is by the provider saying that you can't do it.

    This applies to the story in that you CAN port scan someone, but they may want you not to do it. You've paid for the use of an internet connection, and can do more than someone else may want you to with it. Free as in cable applies also to the analogies people have been offering of looking at someone's house through the windows. If they don't draw the curtains (or blinds), you can look inside from a distance without, but they may not want you to. You may just be admiring the new wallpaper your neighbor put in, but you may also be looking to see what the combination to the wall safe is.

    Theoretically you could bar your windows all the time, but you lose the convenience of watching a thunderstorm from inside, or letting a breeze in on a hot day. Saying that someone isn't allowed to look in through your windows to stop them only works if that someone obeys your request. They're still free (as in cable) to look in. It's the price we pay for living.

    --
    Inheritance is the sincerest form of nepotism.
  28. Re:Just to clarify by Seumas · · Score: 2
    Perhaps I should start charging a fee for people who come to my door. After all, I have to invest time and energy in getting off the sofa, walking to the door, opening the door and asking who it is -- instead of just letting every stranger into my house as they wish.

    Some expenses are a necessity and are the responsibility accepted under the circumstances. People may use your restroom in your restaurant, but you can't charge for it and you can't deny access to it from the public. It is an accepted expense, whether or not it is used.
    ---
    seumas.com

  29. Re:Well, why not? by generic · · Score: 2

    Just because you never detected a break-in does not mean you haven't been broken into. So you know every service open on your large network? Let's say 3000 machines? So you're saying you have hand setup, configured and installed each and every machine on that network? There is no possible way that anyone could have enabled a service you don't know about? Every single machine has been patched and audited for security holes? For every version, architecture out there?

    I am amazed.

    --
    Microsoft aggravates my tourettes syndrome.
  30. Re:headache.... by Flounder · · Score: 2
    well, standing on the sidewalk and looking at your neighbor's door isn't illegal. But this is about port scanning, not sniffing. If you were just looking at the door watching for "traffic", then you'd be running a sniffer.

    But, if you're running a port scanner, then you'd be walking up to windows and doors and tapping on them, checking to find those that were open and/or unlocked.

    Running a sniffer isn't illegal (but it's fun to watch what your neighbors on the cable modem are doing).

    --

    No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova

  31. Re:headache.... by swordgeek · · Score: 2

    "But, if you're running a port scanner, then you'd be walking up to windows and doors and tapping on them, checking to find those that were open and/or unlocked."

    Sometimes I think that people tend to forget the difference between an analogy and a direct parallel.

    What if you stood in your living room and watched the neighbor's place with binoculars to see if he locked the windows or doors when he went out? In Canada at least, if you're on your own property and not using 'undue means of surveillance' (i.e. IR binoculars, etc.) then this is legal.

    And yet, you're still scoping out the neighbor's place for a possible illegal action.

    Regardless, it should be pretty obvious how things should be: Legitimate use of legitimate tools should be legal and accepted. Questionable or illegal use of tools should be punished, but it's the specific behaviour that's getting censured here--not the tool or the mere use of the tool.

    --

    "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
  32. Re:I'm not too sure on this ruling by Malc · · Score: 2

    Until the burglar enters the house, surely it's just trespassing, which where I come from is a civil and not criminal offence.

  33. Re:I'm not too sure on this ruling by lizrd · · Score: 2

    I wouldn't even take port scanning as seriously as this. I see it as being more akin to looking around in the convenience store and seeing which of the usual convenience store products they offer. Perhaps one store offers only Pepsi products while others in the same neighborhood offer Coke products as well while some others also offer beer. However, sales of beer are restricted and identification must be presented to access beer. Does this make it wrong to enter several stores in a neighborhood and notice if or if not they offer beer for sale?
    _____________

    --
    I don't want free as in beer. I just want free beer.
  34. Re:The legal system still doesn't get it... by Shotgun · · Score: 5

    Port scanning a system is directly analogous to trying the locks on someone's home.
    It is not free speech, it's a violation of property rights.
    You do not have the right to use anyone else's computer hardware for any purpose without permission.


    Yes, but you do have the right to walk down the street and peer into windows. You have the right to walk up to their door and even try the lock. You can even carry a crowbar while doing it if you wish. The police don't have anything against you until you enter the premises and leave with something. If you just enter and leave, they still don't have anything on you unless there were no trespassing signs up. There are 'breaking and entering violations', but no 'entering' violations that I know of.

    If a policeman notices you acting suspiciously and wants to catch you (as opposed to just stopping you), he will watch you and catch you with the goods after you left the premises. Notice that store security doesn't stop shoplifters until after they've left the store. Until they cross the threshold, they are not shoplifting. They may have the intent, but they haven't yet committed the crime.

    Servers on the public network are like window displays. You can't set up a server for everyone to see and then sue people for looking at it, just like you can't sue people for crossing your yard and looking in the window.

    Course, I did hear of one case where a man looks through a window from the street and sees a woman dressing. She sues him for being a peeping tom, and he countersued her for public exposure. They both won...

    The contractor was in the wrong and deserved to be fired. If he had received permission to scan the network, it would have been another matter entirely, but acting on his own was wrong and should have been illegal.

    The man was installing a network component. Are security tests not to be included as part of a system test? If the network was later successfully attacked and it was disclosed that the installation contractor hadn't done the barest minimum security checks, wouldn't he be held liable for negligence? In my view, not only were his actions ethical, they were prudent.

    --
    Aah, change is good. -- Rafiki
    Yeah, but it ain't easy. -- Simba
  35. Re:I'm not too sure on this ruling by aozilla · · Score: 2

    It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    Not at all, because opening a door to a stranger's house is clearly a crime. Opening a tcp connection to a stranger's web server is something that we do thousands of times a day. If you're not running a public service, you shouldn't be on the internet, you should be behind a firewall.

    --
    ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
  36. Re:Well, why not? by MartinG · · Score: 2

    > The only people who use port scanners are script kiddies and hackers.

    I used a portscanner this morning on our internal network. The problem was, we have no domain names and I had forgotten the IP of the machine I was looking for, but I know roughly which ports were open. Scanning quickly found it for me.

    Okay, this was on a private network so it's an entirely different matter, but it helps illustrate my point which is this: Just because SOME people (ie, you) can't think of a legitimate use for a tool and you CAN think of a bad use, doesn't mean it is a bad tool.

    I would also add that (mainstream & non-techie) people are more likely to have heard of all the bad and evil things that can happen with these tools, and unlikely to have heard of legitimate uses. This is simply because legitimate use of what is after all an incredibly dull piece of software does not make interesting reading. Talk of hacking, cracking, e-fraud, espionage, etc. sells papers and increases page hits.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  37. Re:The legal system still doesn't get it... by softsign · · Score: 2
    I smell a troll, but I'll humour you. If I walk up to your front door and turn the doorknob, how is that a crime?

    Whether or not the door opens is irrelevant. The only way a crime is committed is if I step through that doorway.

    Portscanning is exactly the same.

    The only difference is that in the real world, it's pretty hard to stop someone from coming back to check your doorknob every day. While, with a portscanner, it's pretty easy for a competent admin to automagically block out an IP (or ranges of them) after just one "offence".

    --

  38. Re:I'm not too sure on this ruling by lalas · · Score: 2
    We're treading onto some very thin ice with this subject. I personally use port scanners all the time. But if anybody else on my network is caught using one, then I'm gonna get very suspicious.

    You are right to be suspicious, and any good admin will investigate. However, it makes perfect sense that you shouldn't be able to sue the scanner for the time you lost investigating it.

  39. Re:Security-firms by Malc · · Score: 4

    My ISP's newsgroup (sympatico.highspeed) is full of people whining about hack attempts. I get the impression that this is the tip of the iceberg and that there are a lot of people living in fear, and also many more who report them to the ISP (wasting their resources). I would suggest that most of the time these are just false alarms and caused by the background noise of the internet.

    How often have you typed an IP address incorrectly? My office uses public IP addresses internally. This means that if the VPN isn't connected, my Netbios, Visual Source Safe, SQL Server Enterprise Manager, etc, are all attempting to make connections to machines on the internet. All harmless, but will trigger warnings from many people's firewall software.

    These companies producing this firewall software base their marketing on people's fear of the unknown, and in fact increase their fear of being hacked. Just the other day somebody was whining on the newsgroup about a connection attempt on port 7 (ping). He thought he was being hacked and wanted to know where he should report it.
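
Several comments in this thread separate a stray connection (a mistyped address, a dead link to port 81, one hit on port 7) from a sweep that touches many ports or many hosts in a few seconds. The following is an added example, not code from any commenter, showing how a defender can make that distinction when triaging connection logs; the log format, addresses, window and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example,
# not the output of any particular firewall. Addresses are documentation ranges.
SAMPLE_LOG = """\
2001-01-01T12:00:00 SRC=198.51.100.20 DST=192.0.2.10 DPT=80
2001-01-01T12:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=21
2001-01-01T12:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=22
2001-01-01T12:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=23
2001-01-01T12:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=12345
2001-01-01T12:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=12346
2001-01-01T12:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=31337
2001-01-01T12:03:00 SRC=198.51.100.20 DST=192.0.2.10 DPT=81
2001-01-01T12:05:00 SRC=203.0.113.99 DST=192.0.2.11 DPT=21
2001-01-01T12:05:01 SRC=203.0.113.99 DST=192.0.2.12 DPT=21
2001-01-01T12:05:02 SRC=203.0.113.99 DST=192.0.2.13 DPT=21
2001-01-01T12:05:03 SRC=198.51.100.77 DST=192.0.2.10 DPT=7
2001-01-01T12:05:03 SRC=203.0.113.99 DST=192.0.2.14 DPT=21
2001-01-01T12:05:04 SRC=203.0.113.99 DST=192.0.2.15 DPT=21
garbage line that does not parse
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def parse(log_text):
    """Return time-sorted (timestamp, src, dst, port) tuples; skip bad lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed lines instead of aborting triage
        ts, src, dst, port = m.groups()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    events.sort(key=lambda e: e[0])
    return events


def classify_sources(events, window_seconds=10, threshold=5):
    """Label each source address by what it touched inside a sliding window.

    vertical-scan   : >= threshold distinct ports on one destination host
    horizontal-scan : >= threshold distinct hosts on one destination port
    noise           : anything below both thresholds (stray connections)
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> events still inside the window
    verdict = {}
    for ts, src, dst, port in events:
        q = recent[src]
        q.append((ts, dst, port))
        while ts - q[0][0] > window:
            q.popleft()  # drop events that have aged out of the window
        verdict.setdefault(src, "noise")

        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, d, p in q:
            ports_per_host[d].add(p)
            hosts_per_port[p].add(d)

        if max(len(s) for s in ports_per_host.values()) >= threshold:
            verdict[src] = "vertical-scan"
        elif (verdict[src] == "noise"
              and max(len(s) for s in hosts_per_port.values()) >= threshold):
            verdict[src] = "horizontal-scan"
    return verdict


if __name__ == "__main__":
    for src, label in sorted(classify_sources(parse(SAMPLE_LOG)).items()):
        print(f"{src:15s} {label}")
```

A label here is only a pointer for which source to watch; it says nothing about intent, and the threshold trades missed slow scans against false alarms.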

  40. Just to clarify by Alien54 · · Score: 5
    Just to clarify the issue slightly:
    While VC3 acknowledged that Moulton's port scan did no direct harm, the company argued that the time spent investigating the event was a form of damage. "If somebody does some type of attack, and you are a good service provider, you spend all your time verifying that it did not cause a significant problem," says Hogue. "The time that it takes to do all that searching is the damage that we were claiming."
    But it pays to know that while they lost on this particular point, harassing someone by multiple port scans probably is not a good idea.
    --
    "It is a greater offense to steal men's labor, than their clothes"
  41. Not Likely to Reduce Investigations by mellifluous · · Score: 3
    It doesn't seem like this will deter many companies from investigating port scans -- it just means that they can't claim damages for the scan itself. But it is a good decision, and I hope Moulton wins the counter suit against VC3.

    Admins and their managers are going to have to face up to the fact that if they want to maintain a secure system, they'll have to be vigilant and won't be able to sue everyone for their time.

  42. Not law! by www.sorehands.com · · Score: 4
    Since this case won't be appealed, it means almost nothing.

    A trial level court decision does not mean much, except to the parties, until an appeals court rules on it (or denies to rule on it, sometimes).

    The issue on port scanning will come back again. It will be decided on frequency, and by whom. If you try repeated times on the same system, or using kiddie scripts it will be ruled against you.

  43. Re:I'm not too sure on this ruling by Masem · · Score: 2
    It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    Trying to play with analogies is bad, but this one needs to be cleared up.

    Port scanning can only tell you what ports are open. You need more tools to 'abuse' those open ports to gain access to the system, and further tools to actually damage the system.

    The analogy should be that port scanning is simply looking at a home and counting the doors and windows. "Hmm, they don't have a door in the back of the house" is equivalent to saying "they don't have port 23 open". Attempting to connect to that port to see what exploits might be possible is comparable to checking a door on a house to see if it's unlocked. The final step, abusing that exploit, is then comparable to the 'breaking and entering' crime.

    Port Scanning should certainly not be a crime based on this analogy, but again, analogies are bad things to start with. :-)

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
  44. Enough with the analogy garbage by Phaid · · Score: 2

    Port scanning a system is directly analogous to trying the locks on someone's home. It is not free speech, it's a violation of property rights.

    No, that stupid tired analogy is not even close to correct. Port scanning allows you to discover what services a machine is running. It doesn't test the security of those services, it merely detects their presence. The "trying the locks" analogy would work if the scanner, having discovered that a service is running, then tried a combination of usernames and passwords to actually gain access to the system. But this guy did no such thing.

    As for the particulars in this case... This person was hired to secure his client's network. A reasonable part of that duty is to see what machines are connected to the network and see what services they are running to assess potential vulnerabilities. It's completely clear that this person did not have any hostile intent in doing this, and on the other hand he would have been seriously remiss in his duties had he NOT assessed the network for potential security breaches.

  45. I'm not too sure on this ruling by Flounder · · Score: 4
    The judge ruled that that port scanning tools neither "impair the integrity nor availability of the network."

    However, if through the use of a port scanner, a script kiddie finds a weakness in one of your web servers and proceeds to take down your network, then I think it does "impair the integrity nor availability of the network."

    It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    I use portscanning tools all the time on my own network. However, I'll be damned if I'm gonna sit back and let some 12 year old with some software downloaded from Tucows identify every machine in my network and what ports they're using.

    Never had it happen though, that's what the firewall's for.

    --

    No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova

    1. Re:I'm not too sure on this ruling by lalas · · Score: 2
      However, if through the use of a port scanner, a script kiddie finds a weakness in one of your web servers and proceeds to take down your network, then I think it does "impair the integrity nor availability of the network."

      I think the weakness itself impairs the integrity of the network, and the taking down of the network to be a crime. The use of the port scanner itself doesn't impair the network.

  46. Security-firms by zyklone · · Score: 3


    Thank god that the judge did not buy the standard comp-sec firm talk that a scan is the same thing as a hack attempt.

    Over here (Sweden) there have been lots of whining lately from the security firms suggesting that all broadband users should buy their firewall to avoid the hundreds of hack attempts every day.
    Now how a badly configured firewall would help I do not know.

    To me it seems that security firms have some of the worst security of all internet sites.
    GO EEYE!

  47. Re:The legal system still doesn't get it... by bfree · · Score: 2

    One problem with your argument, though I sympathise
    By your own acknowledgment you knew you were leaving these ports open and were only failing to close them due to politics. The unfortunate fact is that you should have either taken the machines off the net OR did as you did and face the consequences. You placed these machines onto the internet and in doing so placed every open port onto the internet. What this judgement correctly states is that this action provides permission for anyone to see which ports you have placed on the internet. The judgement does not say that because this port is there you are allowed to do what you want with it, to my mind someone could however have gone as far as to mount your open drive and run an ls or two (discovering that this is not in fact a port left open for anyone to usefully use)...but if they started looking at anything let alone modifying it.....
    Again I sympathise with anyone in such a situation (and BTW I have never used a portscan except on my own computers) BUT I fail to see any proof in your counter argument....

    --

    Never underestimate the dark side of the Source

  48. Re:headache.... by lalas · · Score: 2

    well, standing on the sidewalk and looking at your neighbor's door isn't illegal.

  49. This means nothing. by Lion-O · · Score: 2
    I'm not too familiar with US law but iirc then this only means that you can sniff for free in Georgia. But this does not mean that courts in other states, the supreme courts or courts in other countries will agree on this subject.

    This could become quite interesting IMHO. So far I've seen very few 3l33t script kiddies who could also show any clue or even some knowledge of what they are doing. I could be wrong here but afaik the script kiddies are the ones scanning the most; they only need to know if a certain port is open so they can try out a program which will try to abuse the port. A real hacker would be more interested in security flaws and bugs in software (remember the apache exploit a few months ago?).

    SO... As far as I can see; What we may experience here are a lot of narrow minded people who start out scanning hoping to find nasty exploitable ports feeling quite safe. And when they do in another state or country this could turn out to be very nasty. I'm not saying that this will happen, but I'm sure it could happen.

  50. Re:The legal system still doesn't get it... by BeBoxer · · Score: 5

    I would not consider port scanning to be like actually trying locks. It is in fact the least intrusive method possible to determine whether or not a machine is offering services to the public. In this way, it's more like walking down a street looking to see which buildings have open doors and welcome mats.

    Here's a real world example I just came across at work. Part of our address range is in use by a high school. It seems that one of their computers decided to scan for FTP ports on a whole lot of addresses. I don't know if it was a student doing it or if the machine was hacked first. But, do you think this is "a violation of property rights"? For someone to go out and ask machines on the internet if they allow anonymous FTP access?

    I agree completely that if someone is doing things which can only be viewed as a hacking attempt such as scanning for ports with commonly known vulnerabilities which are not used for public services, that's a problem. But, if someone is just looking for machines which are allowing anonymous FTP, who cares? This isn't like "trying the locks" at all.

    It seems like you have a pretty extreme view of what it means to "use" someone else's computer. Is trying to FTP to a machine something which deserves a stiff penalty? What about a ping? What if I happen to get an arp sent down your DSL line? What about when IIS tries to connect back to web clients to get name information? Is this a criminal act on the part of Microsoft to engage in illegal trespass? Did Cable and Wireless give me implicit authorization to send packets thru their router when they connected it to the internet? Did you give me implicit authorization to send packets to your host when you connected it to the internet? Is it my responsibility to intuit that you don't want FTP sessions? Or is it your responsibility to block FTP packets if they are unwelcome?

  51. Re:Hahahahahahahahhaha by brokeninside · · Score: 3
    Personally, if someone jiggled my doorknob in the middle of the night, I'd ignore them unless they opened the door and came in. If they simply jiggled and walked away, at most I'd call my neighbors to keep an eye out.

    Regardless, this analogy doesn't fit portscanning. A portscan jiggles no knobs, it simply reports that a knob exists and perhaps what type of knob it is. If someone came by in the middle of the night to check my knob, I'd be a bit suspicious. Much less so if a person did such during the day. In either case their actions are not likely to be illegal.

    have a day,

    -l

  52. Excellent by I+Am+Smarter+Than+U · · Score: 4


    [root@box0r root]# nmap -S 208.47.125.33 -e eth0 -P0 -sS slashdot.org

    Beautiful...

  53. Good decision by Animats · · Score: 2

    The judge got it right. Congratulations.

  54. Re:Personally, I'm glad. by JatTDB · · Score: 2

    Read the full brief sometime. Not only did he do portscans, there were pingfloods too (which they tried to pass off as "throughput tests")

    --
    "That's Tron. He fights for the Users."