Slashdot Mirror

← Back to Stories (view on slashdot.org)

Judge Says Port Scanning Is Legal

Posted by ryuzaki0 on from the thousands-of-lines-of-log-files dept.

cvbear0 writes: "SecurityFocus has an article explaining a ruling from a U.S. district court ruling in Georgia about port scanning. The judge ruled that that port scanning tools neither "impair the integrity nor availability of the network." Both parties agreed not to appeal the judge's ruling."

16 of 210 comments (clear)

  1. Honeynet project by wiredog · · Score: 4

    Trying to submit this, but the slashdot server keeps barfing out error messages:

    The HoneyNet Project, a network of honeypots!

    The Honeynet project is a group of 30 security professionals dedicated to learning the tools, tactics, and motives of the blackhat community and sharing those lessons learned.

    ZDnet report


    --

    Best Slashdot Co
  2. Nice Wording by max99ted · · Score: 4
    If someone came by in the middle of the night to check my knob...

    Do I need to elaborate?

    --

    Please stop APK.. you're only hurting yourself.

  3. bad analogies. by ruin · · Score: 4
    Port scanning is not like walking by someone's house and looking at the windows. Port scanning is not like testing all the doors on someone's house for an unlocked one. Port scanning is not like wandering through someone's house poking at their stuff. Port scanning is like... sending a request to commonly used ports of a computer to see what software is replying.

    Simply choosing whatever real-world analogy best supports the position of port scanning is good/bad is a faulty argument. Why not discuss the topic in terms of the actual result of the actual action we are talking about? Port scanning does no real harm right off the bat. On the other hand, it is impolite to do, because now the admins of the box you scanned have to worry about what your intentions are. So going around portscanning strangers just for fun is kind of a bad thing, but not so bad that no one should ever use such a piece of software, especially since it is so educational.

    And that's my take. Sure, if I put on my security admin hat, I don't want anyone ever doing any port scanning, because it makes my job a lot easier: anyone scanning my box is an enemy. On the other hand, if I put on my student hat, how am I ever going to learn things if the most educational tools are seen as dangerous and disallowed?

    -- "Just the superficial sort of [analogy] someone grounded too far in 'reality' would think up. TURN UP THE FEED, YOU WIGGLY MEAT THINGS! THIS IS THE NET! NOTHING'S REAL!" --Rache Bartmoss


    --

    --
    share and enjoy
  4. Intelligence Finally. by --delphi-- · · Score: 5

    Finally we see a little intelligence from our court systems. I mean, I do not do any sort of cracking, but I love to know what people are doing with their boxes. I have port scanned many of the servers around my university just to see what they're running. Port scanning does not hurt the network at all, it just throws a few packets at each port trying to establish a connection and then moves on. When can we schedule this judge to hear the decss case??

    1. Re:Intelligence Finally. by ethereal · · Score: 4

      No, but on the other hand if you're "in public", there's a certain understanding that people will see you, and they may even talk to you or bump into you on the street. None of those things constitute criminal actions.

      Likewise, if you're hooked up to the public network, you can expect to sometimes get packets from other machines. If you don't like the packets, drop them on the floor. If you don't want to waste time doing so, get a firewall (public street example: a Popemobile) and let the firewall drop unwanted packets on the floor.

      There's a difference between attacking your machine, and just port scanning it. I could see allowing prosecution for sending you a virus, or trying to crack one of the services you're running, but a port scan is not the same thing. I don't think you can really complain until your computing resources have actually been misappropriated. If you've just been port scanned (and not flooded) then that hasn't happened yet.

      --

      Your right to not believe: Americans United for Separation of Church and

    2. Re:Intelligence Finally. by Alex+Pennace · · Score: 4

      Yeah, let me know when I can wonder around your house or apartment looking at stuff.

      More like wandering by your house and counting the number of windows it has.

    3. Re:Intelligence Finally. by Jawbox · · Score: 5

      That analogy works for me. It isn't against the law to look at windows, determine their type and make estimates of their security. It enables you to do things like say, "Wow those are gee-golly neat windows I should get some of those for my house." or "What an idiot, I can't believe that house only is using the XJy9 style of windows, my 10 year old could break into their house and rob them blind."

      None of this is a crime! And a homeowner that watches someone scanning their windows can't sue for damages because they suddenly realize that the security of their windows stinks either. All this ruling does is apply some real world sense to a computer security case.

      Now the earlier post about walking around inside your apartment and looking at all the cool stuff is a false analogy in my eyes. To me that is the equivalent of breaking into a system(or being invited in depending on circumstances) and scanning the filesystem.

    4. Re:Intelligence Finally. by brokeninside · · Score: 4
      bugg:
      I don't know about you, but if I some guy I don't know (and didn't give permission to) walking around my house with a clipboard inspecting the windows, I'm calling the police.

      I am not a lawyer, but from what little reading of law I've done, in the US in most jurisdictions, the police problably wouldn't even come out to investigate. Only in situations where "No Trespassing" signs are clearly posted or in situations where you have personally informed an individual that you do not want them on your property would the police even care that someone was looking at your windows.

      [I suppose there would be a few other exceptional circumstance such as the property owner having some sort of injunction against the individual doing the inspection or in the case of the person doing the inspection doing it in a manner that attempts to conceal their identity.]

      Connecting a computer to the internet is really more akin to parking an automobile on a public street. It is not illegal (or even necessarily immoral) to examine such a car up close. It is, however, illegal and/or immoral to use the information obtained from such an examination in certain circumstances (such as to pick the lock or hotwire the vehicle). There are also many circumstances where the informatin comes in helpful. For example, if I see a car with he headlights left on, I will almost always check to see if the door is locked and if it isn't I will turn off the headlights. You can sue me for doing that to your car if you please, but you will lose the suit and you will be laughed out of court by virtually any judge.

      have a day,

      -l

  5. The Judge.. by seanmeister · · Score: 5

    Gotta love the judge's name 'Thomas Thrash' - clearly, his h0n0r is a l33t h4x0r.
    Sean

  6. Re:The legal system still doesn't get it... by Shotgun · · Score: 5

    Port scanning a system is directly analogous to trying the locks on someones home.
    It is not free speech, it's a violation of property rights.
    You do not have the right to use anyone elses computer hardware for any purpose without permission.

    Yes, but you do have the right to walk down the street and peer into windows. You have the right to walk up to their door and even try the lock. You can even carry a crowbar while doing it if you wish. The police don't have anything against you until you enter the premises and leave with something. If you just enter and leave, they still don't have anything on you unless there were no tresspassing signs up. There are 'breaking and entering violations', but no 'entering' violations that I know of.

    If a policeman notices you acting suspiciously and want to catch you (as opposed to just stopping you), he will watch you and catch you with the good after you left the premises. Notice, that store security doesn't stop shoplifters until after they've left the store. Until they cross the threshold, they are not shoplifting. They may have the intent, but they haven't yet committed the crime.

    Servers on the public network are like window displays. You can't set up a server for everyone to see and then sue people for looking at it, just like you can't sue people for crossing your yard and looking in the window.

    Course, I did hear of one case where a man looks through a window from the street and sees a woman dressing. She sues him for being a peeping tom, and he countered sued her for public exposure. They both won...

    The contractor was in the wrong and deserved to be fired. If he had recieved permission to scan the network, it would have been another matter entirely, but acting on his own was wrong and should have been illegal.

    The man was installing a network component. Are security tests not to be included as part of a system test? If the network was later successfully attacked and it was disclosed that the installation contractor hadn't done the barest minimum security checks, wouln't he be held liable for negligence? In my view, not only were his actions ethical, they were prudent.

    --
    Aah, change is good. -- Rafiki
    Yeah, but it ain't easy. -- Simba
  7. Re:Security-firms by Malc · · Score: 4

    My ISPs newsgroup (sympatico.highspeed) is full of people whining about hack attempts. I get the impression that this is the tip of the iceberg and that there are a lot of people living in fear, and also many more who report them to the ISP (wasting their resources). I would suggest that most of the time these are just false alarms and caused by the background noise of the internet.

    How often have you typed an IP address incorrectly? My office uses public IP addresses internally. Thie means that if the VPN isn't connected, my Netbios, Visual Source Safe, SQL Server Enterprise Manager, etc, are all attempting to make connections to machines on the internet. All harmless, but will trigger warnings from many people's firewall software.

    These companies producing this firewall software base their marketting on people's fear of the unknown, and in fact increase their fear of being hacked. Just the other day somebody was whining on the newsgroup about a connection attempt on port 7 (ping). He thought he was being hacked and wanted to know where he should report it.

  8. Just to clarify by Alien54 · · Score: 5
    Just to clarify the issue slightly:
    While VC3 acknowledged that Moulton's port scan did no direct harm, the company argued that the time spent investigating the event was a form of damage. "If somebody does some type of attack, and you are a good service provider, you spend all your time verifying that it did not cause a significant problem," says Hogue. "The time that it takes to do all that searching is the damage that we were claiming."
    But it pays to know that while they lost on this particular point, harrassing someone by multiple ports scans probably is not a good idea.
    --
    "It is a greater offense to steal men's labor, than their clothes"
  9. Not law! by www.sorehands.com · · Score: 4
    Since this case won't be appealed, it means almost nothing.

    A trial level court decision does not mean much, except to the parties, until there is an appeals court rules on it (or denies to rule on it, sometimes).

    The issue on port scanning will come back again. It will be decided on frequency, and by whom. If you try repeated times on the same system, or using kiddie scripts it will be ruled against you.

    --
    Fight Spammers!
  10. I'm not too sure on this ruling by Flounder · · Score: 4
    The judge ruled that that port scanning tools neither "impair the integrity nor availability of the network."

    However, if through the use of a port scanner, a script kiddie finds a weakness in one of your web servers and proceeds to take down your network, then I think it does "impair the integrity nor availability of the network."

    It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    I use portscanning tools all the time on my own network. However, I'll be damned if I'm gonna sit back and let some 12 year old with some software downloaded from Tucows identify every machine in my network and what ports they're using.

    Never had it happen though, that's what the firewall's for.

    --

    No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova

  11. Re:The legal system still doesn't get it... by BeBoxer · · Score: 5

    I would not consider port scanning to be like actually trying locks. It is in fact the least intrusive method possible to determine whether or not a machine is offering services to the public. In this way, it's more like walking down a street looking to see which buildings have open doors and welcome mats.

    Here's a real world example I just came across at work. Part of our address range is in use by a high school. It seems that one of their computers decided to scan for FTP ports on a whole lot of addresses. I don't know if it was a student doing it or if the machine was hacked first. But, do you think this is "a violation of property rights"? For someone to go out and ask machines on the internet if they allow anonymous FTP access?

    I agree completely that if someone is doing things which can only be viewed as a hacking attempt such as scanning for ports with commonly known vulnerabilities which are not used for public services, that's a problem. But, if someone is just looking for machines which are allowing anonymous FTP, who cares? This isn't like "trying the locks" at all.

    It seems like you have a pretty extreme view of what it means to "use" someone elses computer. Is trying to FTP to a machine something which deserves a stiff penalty? What about a ping? What if I happen to get an arp sent down your DSL line? What about when IIS tries to connect back to web clients to get name information? Is this a criminal act on the part of Microsoft to engage in illegal tresspass? Did Cable and Wireless give me implicit authorization to send packets thru their router when they connected it to the internet? Did you give me implicit authorization to send packets to your host when you connected it to the internet? Is it my responsibility to intuit that you don't want FTP sessions? Or is it your responsibility to block FTP packets if they are unwelcome?

  12. Excellent by I+Am+Smarter+Than+U · · Score: 4


    [root@box0r root]# nmap -S 208.47.125.33 -e eth0 -P0 -sS slashdot.org

    Beautiful...