Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
The Internet

Judge Says Port Scanning Is Legal 210

cvbear0 writes: "SecurityFocus has an article explaining a ruling from a U.S. district court ruling in Georgia about port scanning. The judge ruled that that port scanning tools neither "impair the integrity nor availability of the network." Both parties agreed not to appeal the judge's ruling."
This discussion has been archived. No new comments can be posted.

Judge Says Port Scanning is Legal

Comments Filter:
  • Some users have made comments to the effect that any portscanning is amaturish and more than likely to be used for haXor puroses.
    Bunkum!
    A portscan of your local net can be a handy tool for instance figuring out wherethefrag the dhcp server is whackin' everyones PC, what services are available on that nutty little net-printer with manglish instructions, whether that net appliance is exposing any unnecesarry services, many thing indeed.
    And yes, you can use a scanner to find machines with port 139 exposed on the internet. Don't, that just pisses one off to see lot's of splattered 139 enquirys all over the firewall. Kids;- It's an old trick. Go invent some new ones....... Or get hardcore, learn forth and like program a toaster or something:)
  • by wiredog ( 43288 ) on Tuesday December 19, 2000 @05:31AM (#548815) Journal
    Trying to submit this, but the slashdot server keeps barfing out error messages:

    The HoneyNet Project, a network of honeypots!

    The Honeynet project [http] is a group of 30 security professionals dedicated to learning the tools, tactics, and motives of the blackhat community and sharing those lessons learned.

    ZDnet report [zdnet.com]


  • Am I "stealing" your band-width ? No more than mine.

    Difference is YOU choose to use yours. I had no input in your use of mine. I pay for mine. I choose to accept the overhead of PPP/ethernet. I DON'T choose to pay money for you to satisfy your curiosities.

  • You, or your PC, is the one that addressed them. That "common carrier" thing, remember?
  • /. has finally come to its senses and failed to mod someone down for even considering windows could be secured
  • More like wandering through a mall and seeing what stores are open, I'd say.

    The "wander around your house looking at stuff" analogy is traditionally used to describe a situation where a person has gotten in, like through a known hole or weak password, and is looking at information that was assumed and intended to be private without altering or deleting it. That's not even in the same ballpark as portscanning.
    --

  • I personally don't care less what your intentions are in the dead of night jiggling my door handle, I'm going to shoot you first and ask questions later.

    You'd shoot someone for jiggling your door handle? First, I'd make sure it's on there tight and won't jiggle, then I'd get a motion sensor light. If that didn't work maybe I'd get a fence or call the cops.

    But then again I'd probably be dead asleep and wouldn't notice unless I had some sort of security camera logging the event. I'm certainly not gonna have it wake me up if someone jiggles the door handle. Now, if they actually open the door..
  • Actually, I read about it on Slashdot [slashdot.org] last week.

    --

  • I know you will have a hard time accepting this due to your steady diet of violent movies/games/TV ever since you were a tot but in OTHER parts of the world it is not considered acceptable behaviour to shoot other human beings.

  • I actually don't mind when someone attempt to find open FTP ports on my system. If someone telnets into my box they get a polite message asking them to go away and never try to access my system again.

    The the lusers who access 21,22,23,12345,12346,31337 all within 2 seconds, and are probably doing the same to everyone on my B subnet who really really really piss me off. In a rage, I wrote up Stop the portscanners [arbutus.cx]. Yes, it's pretty ragy, and probably over the top. With this ruling I might change my mind a bit.

    I also wrote a program called antagonizer. It "teletypes a message", typing a character every 100ms, with a Ctrl-G between each character. It's damn annoying to telnet into, crashes IE's ftp, etc. If they try to access 12345, 31337, it tell them to fuck off and start looking for another ISP. I've actually managed to get ISPs to drop users by informing them that one of their users is portscanning. Works maybe 10% of the time.

    In the wake of this ruling, I've been thinking of creating an "eye for an eye" system. If you access port 21 of my system, my machine access port 21 of your system, and sends you back the results. Haxor cracks into their own system, logs at 11... Not sure how well it would work for thinkgs like ssh, but in theory should work.

    Also thought about a scanning detection or honeypot network, where the results of portscans could be logged or analysed from a single server.
  • don't know about the portscans you see, but the portscans I see are more analogous to someone walking up to your back door in the middle of the night and jiggling the knob to see if it's open.

    Not hardly. Thats analogous to trying to get into an ftp site without authorization. The mere connection to the ftp port and seeing that it doesn't offer anonymous access is akin to looking at a structure and saying "that is a private residence; I should not enter it as I would with a public store."

  • It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    If some thug walks up to your front door and starts rattling the the knob, there's grounds for calling the authorities. You're exactly right, and there should be similar grounds for port scanning. To paraphrase the Code of Computer Use at my university, 'Authority to use a computer is granted solely by the owner of that computer. Just because you have a password doesn't give you the right to use it.' Port scanning uses resources on my computer (even if not significant). So in my mind, if somoene is using resources and I didn't tell them it was okay, something's wrong.
  • Try to run an NFS server on a Tru64 unix client without having port 2049 open to the world. Most of the RPC services do not have built-in access control lists, nfsd is one particularly obvious example. And Tru64 unix (last I checked, its been about a year) had no way to packet filter this port. The OS had no packetfiltering and publically available free utilties like ipf haven't been ported to Tru64.

    Compound that problem with working at a University where they've got policy (albeit usually unenforced) that you'll get fired if you try to firewall or NAT your network. The net result is that there's no way to close some ports on machines that I have no intention whatsoever of letting you look at. Your analogy fails miserably. An open port is not an open door, or an invitation. You should instead assume that if you haven't been explicitly invited or given permission that you are to stay off.

  • Yes, implicity giving people to use THOSE SERVICES I'M PROVIDING. There is no need to portscan the box for those I don't offer the public.
  • That depends on where you live.

    I know that here in Texas jiggling the door handle would fall under the classification of criminal mischeif at night which does justify the use of deadly force. Now whether or not your conscience could handle shooting little Jimmy from next door who just wanted to know if you saw his puppy is a whole other question. The fact is you wouldn't be gonig to jail.
  • I wonder if it is possible to get "anti-hacker" insurance on servers in Italy. If companies are not required to harden their servers...

    Well, this could be a thought. But I don't know how many companies would sleep soundly if they know that their servers are open, but at least they'll get all the money back if somebody grabs everything.. it's like living in a dangerous neighborhood and having our car insured against steal - and leaving it open with the windows down. ..sleep well :)
  • Yes...if I use my eyes and look at your house, examine your windows...the information gleamed could be used to break in. However, looking is not illegal...even touching your windows. If you are so intent on breakins being a crime then they will get charge *after* commital, not before. We call this innocence before guilt. Interesting concept.
  • It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    And if you left the keys in your door who is to blame? I don't think port scanning for the purpose of illegal entry is right or moral, but if you invite someone in due to negligence then you are at fault.

    If you are running a home server and/or network and you don't even have rudimentary firewall software (also available at Tucows) then you have no one to blame but yourself if your network is comprimised.

    Capt. Ron

  • The question is simple, would it REALLY have stopped anyone even if the ruling had been the reverse?
  • >You do not have the right to use anyone elses computer hardware for
    any purpose without permission.
    I am not sure if this is strictly true. Would it then be illegal to send a single ping to a machine to determine whether it is responding to packets? How about traceroute? When you are using the Internet, you are using a lot of other people's hardware without having explicit permission (i.e. routers, backbone providers, and so forth)

    It seems to me that by placing a machine on the Internet, and running public services, you are implicitly granting permission for people to use it for some purposes. (If the machine is also implicitly running a public service, i.e. a router, implicit permission is also granted, IMHO)

  • I think you're trying to park in his driveway, not on the public road.
  • Maybe traffic jams are all set-up by the oil cartels.

    Hmmmm ... It's probably just an urban myth, but there is the old story of how a consortium of Standard Oil, Bridgestone Tyres and General Motors bought the public rail system of a major city, scrapped the trains, and replaced it with a bus system using General Motors Buses equipped with Bridgestone Tyres and running on Standard Oil. Eventually they realise that they can sell many more vehicles, tyres and fuel, if they get rid of the buses and replace them with ... er traffic jams.

  • What about going in and re-arranging the furniture, and then leaving a note about fengshui?
  • It seems to me that your particular concern could be addressed by "porting" (sorry about that) over anti-stalking laws to the computer world.

    In the real world, you can follow someone around with impunity until you do something threatening or harassing, such as make threats, make sexual advances or *possibly* commit a real crime such as trespassing, breaking and entering, etc. (note that these things can be *perceived* threats, as long as there is some basis for it). Obviously, if the same concepts were applied to computer security, then port-scanning would be fine (just seeing what your computer is doing) until a threat is made (just seeing what your computer is doing so an attempt can be made to damage it).

    This would allow "reasonable" port-scanning (i.e. searching for FTP sites that allow anonymous access, accessing "public" resources, checking security for a friend, etc.) and would disallow port scans from people who have acrimonious relationships with the owner of the computer, are "known" crackers, etc.

    Of course, to make these kinds of changes requires getting state and federal legislatures interested. Unfortunately, virtually all of the lobbying from the Internet "community" comes from free speech advocates, who are generally against virtually any restrictive legislation regarding computers at all, advocating an almost-complete hands-off policy. I'm just glad that laws against burglarly, robbery, assault and the like came before they did.

  • If you tell someone to read the article, maybe you'd better first read his comment; it says Since this case won't be appealed, it means almost nothing.; he was commenting on the fact that there wouldn't be an appeal! Don't you think it's a bit stupid to first misread someone's comment and then call him a fuckhead?
  • I run a MUD, I get a number of port scans daily. It annoys me a bit, they do use up bandwidth and I do get a number with spoofed IP addresses, which concern me, but I wouldn't go ballistic over somebody who is just satisfying their curiousity.

    There's another class of scanning though, I've got a user who's threatened to hack into my machine. He's just a script kiddy, I'm not terribly concerned since I don't have any services other than the bare minimum running. Still, it seems to me that when this kid scans me I should be able to have it treated more seriously than a random scan.

    The problem I see right now is that things are both too lax and too strict. People try to make valuable tools illegal which is absolutely wrong. On the other hand positive rulings without the requisite pause to think about how the circumstances which surround an event, the intent, should dictate how the event is classed.

  • Massachusetts, actually.


    --
  • Oops, I stuck an extra http:// in there. Guess thats why the server barfs. Sorry.

  • Well said.

    The only way people have of knowing whether your servers offer particular network services is by trying a connection. TCP/IP offers no other way. When you're on the main high-street of the Internet (ie. directly connected), it must be expected, because there is no other way for people on the street to know what services you're offering.

    In contrast, if your servers are not intended to be "on the main high street" and you don't want people to know what services they provide, then firewall them off --- this makes them private property, off-limits to the high-street wanderer.

    The continuous rain of port scans on the Internet is irrelevant to any sysadmin that structures systems properly into public and private parts. Yes, testing for open ports is often performed during crack attempts, just like looking is often performed during burglary, but if you want to know what's around you then you cannot avoid doing either of these. The technology offers no other way.

    If you don't want street wanderers looking at your establishment and walking in through any doors that you've left open, put it behind a wall, and silently drop all packets that fail your access policy. To complain about port scans is to misunderstand the limits of TCP/IP.
  • by max99ted ( 192208 ) on Tuesday December 19, 2000 @08:43AM (#548843)
    If someone came by in the middle of the night to check my knob...

    Do I need to elaborate?

  • your an idiot. No shit that saying someone isn't allowed to do something only stops them if they obey. What the hell do you think laws are? If their is a violation...wa-la, they didnt obey it now did they. You can want all you want for me not to look through your window from any sort of distance, thats protected...you do not have the right to say what I cant look at in that situation. You want protection, put up blinds...thats your responsibility, your sacrifice. Thats free as in speech. The freedom not to have you tell me I cant look at your house because "you dont like it". Free cable is a completely different matter...it pretty much is like mp3s, copying cds whatever. Completely different. Those companies have legitimate claim to protection from what you are doing...you however not liking my look at your house, do not.
  • by bfree ( 113420 ) on Tuesday December 19, 2000 @08:46AM (#548845)
    If you connect your computer by to the Internet and it is assigned an IP address, then it is potentially offering an infinite (or is it 65536 or ....) number of ports to the public internet. Each and every port you connect to the internet becomes part of the shared public network, just as you assume that people who you have never met, dealt with or heard of will route your packets you are offering these connected ports. If someone port scans your computer, they are portscanning a public IP address (or else you are behind a firewall and should be asking questions of the provider). TCP/IP does not (that I know of) provide a DNS like system to say which ports are useful on each IP so using a port-scanner is the only way to find out what you are usefully offering. How am I meant to know what services you are providing on your public part of the public internet (lets make a public and private net addressing system to say that your system is different if you don't accept this)?
  • by ruin ( 141833 ) on Tuesday December 19, 2000 @08:49AM (#548848) Homepage
    Port scanning is not like walking by someone's house and looking at the windows. Port scanning is not like testing all the doors on someone's house for an unlocked one. Port scanning is not like wandering through someone's house poking at their stuff. Port scanning is like... sending a request to commonly used ports of a computer to see what software is replying.

    Simply choosing whatever real-world analogy best supports the position of port scanning is good/bad is a faulty argument. Why not discuss the topic in terms of the actual result of the actual action we are talking about? Port scanning does no real harm right off the bat. On the other hand, it is impolite to do, because now the admins of the box you scanned have to worry about what your intentions are. So going around portscanning strangers just for fun is kind of a bad thing, but not so bad that no one should ever use such a piece of software, especially since it is so educational.

    And that's my take. Sure, if I put on my security admin hat, I don't want anyone ever doing any port scanning, because it makes my job a lot easier: anyone scanning my box is an enemy. On the other hand, if I put on my student hat, how am I ever going to learn things if the most educational tools are seen as dangerous and disallowed?

    -- "Just the superficial sort of [analogy] someone grounded too far in 'reality' would think up. TURN UP THE FEED, YOU WIGGLY MEAT THINGS! THIS IS THE NET! NOTHING'S REAL!" --Rache Bartmoss


    --

  • Kewl, now are all the 3l33t script kiddies on the secure site!
    And who pays for the bandwith?? Some people don't have flat fees.
  • Gee, haven't I seen this story someplace else before [slashdot.org]? What is up with the Slashdot editors?

    Alex Bischoff

    Alex Bischoff
    ---

  • by --delphi-- ( 131620 ) on Tuesday December 19, 2000 @05:13AM (#548857) Homepage
    Finally we see a little intelligence from our court systems. I mean, I do not do any sort of cracking, but I love to know what people are doing with their boxes. I have port scanned many of the servers around my university just to see what they're running. Port scanning does not hurt the network at all, it just throws a few packets at each port trying to establish a connection and then moves on. When can we schedule this judge to hear the decss case??
  • Moulton probably could have avoided the problems by asking permission to do a port scan first.

    It's interesting that he's still in trouble over the port scan in the first place, this ruling just says that V3 can't claim damages from it.

  • by seanmeister ( 156224 ) on Tuesday December 19, 2000 @05:35AM (#548863)
    Gotta love the judge's name 'Thomas Thrash' - clearly, his h0n0r is a l33t h4x0r.
    Sean
  • The consultant still lost his job by doing his job. The "scanned" parties over reaction cost him money that he will never get back. So the judge ruled in his favor, still sucks to be him.

    In the end be VERY careful what you do, because doing what is correct will not always protect you. When we do any security audit/analysis for a company we get a written agreement from them AND their connected networks. Some sysadmin's are pretty high strung.

    As one sysadmin put it "I don't like my territory pissed in".

  • The poster is making an inappropriate analogy when he/she suggests that checking whether a network service is available to the public through the front door on the Internet is equivalent to monitoring sexual activity on private property.

    Unless your humping is intended to be on display on the high street, there is no analogy here at all. Presumably if the sex is with your SO then it's not meant to be public. It would usually be on private property, ie. behind a wall and/or locked doors, so that high-street shoppers don't think you're offering viewing of your bedroom antics as a service.

    Don't forget that TCP/IP offers no other way for people on the net to determine what services you are making available to them: trying to open connections is the only way of finding out what network services are being offered. Protesting about port scans just shows a lack of understanding of the demands and constraints of TCP/IP. Without the ability to open connections to check on services offered, one would be more constrained than a blind shopper on the high street, never knowing which establishments are open and which are closed.

    If you don't want your private resources to be visible to the public, get off the high street by placing your servers on private property, ie. wall them off behind a firewall out of reach of port scans.
  • by Oestergaard ( 3005 ) on Tuesday December 19, 2000 @06:51AM (#548872) Homepage
    I've heard that analogy before, and *plo ease* stop it. No it is not the same as trying if someone forgot to lock their door - that would be the actual exploit, if anything...

    When is a port scan a port scan ? If I scan one port ? two ? ten ? If I connect to a machine on port 80, I expect to get the web-server - but it is a one-port "scan" as well. Is that leagal ? What if I follow a link from somewhere that points to http://yourhost.com:81/, but you never had a web server running at port 81 ? Am I a burgler ?

    Give up the ghost-hunting, and let's focus on the real issues... If you log a port scan, you're wise to keep an eye on that IP. But nothing happened yet, and maybe nothing will.

    If I walk by your house looking at your front door, maybe you'll be wise to keep an eye out for me next time. But if you come after me on those grounds alone, the law is on my side.

    It is wise to use logged port-scans to focus your detective work, but attempting to act on them alone is ridiculous. It is very simply *just*not*good*enough*.
  • by www.sorehands.com ( 142825 ) on Tuesday December 19, 2000 @09:28AM (#548875) Homepage
    You have it backwards! Mattel/MSI/TLC violated the law (FMLA/ADA, etc)and paid a judgment for their violation.

    Mattel continued with a baseless libel lawsuit, even though their own attorney admitted that I believed what I published. When a judge asked them what was libelous, Mattel moved to dismiss. Mattel is the one who tried to shake me down, Mattel tried to shake down others. Mattel has over 130 cases in only one of Federal courts; Mattel has 10 pages of cases (1 line per case) in the LA superior court. Are you saying my lawsuit against Mattel is abusing the courts more than Mattel abuses the court?

    Why don't you check the facts before you jump to conclusions.

  • by ethereal ( 13958 ) on Tuesday December 19, 2000 @06:51AM (#548876) Journal

    No, but on the other hand if you're "in public", there's a certain understanding that people will see you, and they may even talk to you or bump into you on the street. None of those things constitute criminal actions.

    Likewise, if you're hooked up to the public network, you can expect to sometimes get packets from other machines. If you don't like the packets, drop them on the floor. If you don't want to waste time doing so, get a firewall (public street example: a Popemobile) and let the firewall drop unwanted packets on the floor.

    There's a difference between attacking your machine, and just port scanning it. I could see allowing prosecution for sending you a virus, or trying to crack one of the services you're running, but a port scan is not the same thing. I don't think you can really complain until your computing resources have actually been misappropriated. If you've just been port scanned (and not flooded) then that hasn't happened yet.

  • Which would really truly suck ass. It would make me have to switch ISPs.

    I often use my hom emachines to port scan machines that I have on other networks to see what can get through, what is running etc. Port scanners are GREAT tools.

    Sure, its nothing that can't be culled from netstat and other things, but port scanning is fast and effective. It also is great for testing ipchains rules etc to block port access.

    Besides... port scanning is not malicous. Sure, it is often a prelude to an attack, but it is not, itself an attack.

    Port scanning is just a useful tool. If you don't want people using a service, then don't set it up so that the entire world can access it. If you don't want people connecting to a port, then don't run anything on that port, or block it off with ipchains rules.

    If its available to the world, then assume that it is public...because it is. I mean really... looking in the window of your car is a prelude to stealing your stereo... but does that mean we should outlaw looking in through the windows of parked cars?

    -Steve
  • by Chris Burke ( 6130 ) on Tuesday December 19, 2000 @06:57AM (#548879) Homepage
    And while you're at it, rattling all the doors and windows to see if everything's locked. Oh yeah - and let's not forget to check those common hiding places for a spare key. You use a Schlage lock? Cool - I've got a Schlage master key.

    This would be a little more than just a port scan. There's a big difference between seeing if you have Telnet open and trying to brute-force some user accounts. As you say:

    Mostly harmless, but some real jerks in there.

    You need to be paying attention to the jerks, then, not having a fit whenever a packet hits your server. You're on the net -- it's fine to be mad when someone tries to get into your house, but not when they look at your house as they drive by.
  • by Mignon ( 34109 ) <satan@programmer.net> on Tuesday December 19, 2000 @06:57AM (#548880)
    If you try repeated times on the same system ... it will be ruled against you.

    Ah, the "three pings and you're out" approach.

  • If your software thinks a port scan without any attempt to break in has the signature of an "attack", you need to upgrade. A port scan isn't going to give anyone access to your machine, so it isn't an attack. Maybe flag portscans for further observation, but if you have your pager ring everytime a harmless packet hits your firewall, you won't get much sleep (and for no good reason).
  • by Flounder ( 42112 ) on Tuesday December 19, 2000 @05:39AM (#548883)
    I think the weakness itself impairs the integrity of the network, and the taking down of the network to be a crime. The use of the port scanner itself doesn't impair the network.

    Does possesion of a tool capable for use in a crime make that possession a crime? Of course not. But, if you walk into a bank with a loaded gun and a ski mask, or if you are caught sneaking around people's houses with a crowbar, I think the police will certainly take a suspicious look at you. Same with repeated and targeted port scanning.

    We're treading onto some very thin ice with this subject. I personally use port scanners all the time. But if anybody else on my network is caught using one, then I'm gonna get very suspicious.

  • by osgeek ( 239988 ) on Tuesday December 19, 2000 @05:41AM (#548889) Homepage Journal
    Yeah, let me know when I can wonder around your house or apartment looking at stuff.

    I won't hurt anything or take anything, I'll just poke around - I love to know what people are doing. Having sex with your SO? Don't mind me, I was just looking.
  • It sounds like a university policy problem compounded by a poor design choice by DEC programmers. That's a lot like renting a building that has a doorway without a door and the owner not permitting you to put a guard there.

    The problem here is bigger than portscanning though. There is little sense of property on the internet as a whole, where people think that "information wants to be free" when information is just a pile of bits with zero will or desire of its own. We have people stealing music, videos, programs, companies spamming us with our own bandwidth and a lot of people running all over thinking they can do what they damn well want to. Just as I'd like to own a house in which I don't need to have a phalanx cannon to ward off intruders, I shouldn't have to be eternally vigilant about a _computer_.

    So in short, I guess there is little sense of accountability on the internet, some feel that the anonymity gives them a right to screw things up for everyone else.
  • In some (US) jurisdictions, owning, for example, lock picks without being a licensed blacksmith is a crime. So, in some areas, owning of the tools is as illegal as using them.
  • Having a port open on your computer is not the same has having an unlocked door. The analogy of port scanning to trying to open up doors does not hold true. And How can you even try to compare port scanning to rape?

  • If you've wandered onto their property to "inspect the windows", you're trespassing.

    Portscanning, the way I see it, is a form of trespassing- if I don't want you doing something with my computer, then you shouldn't be allowed to do it. Period. Those are the common-sense laws that we need.

    If you'd like to learn about the services I'm running, ask nicely. That's the only ethical way, as far as I'm concerned, to gather that information remotely.

    I don't know about you, but if I some guy I don't know (and didn't give permission to) walking around my house with a clipboard inspecting the windows, I'm calling the police.

  • No, but on the other hand if you're "in public", there's a certain understanding that people will see you, and they may even talk to you or bump into you on the street. None of those things constitute criminal actions.

    Talking or bumping into is one thing. Looking through your pockets to see what you're carrying is something else. If someone comes up and asks me what time it is, that's fine. If someone comes up and asks me what time it is, what kind of car I drive, where my house is, what type of locks I have on that house, how much money is in my wallet, and where my kids are... well, that's just a hair out of bounds. Not illegal, perhaps, but certainly rude. I see port scanning as the same thing.

    Likewise, if you're hooked up to the public network, you can expect to sometimes get packets from other machines. If you don't like the

    Getting some packets is one thing, but getting a thousand packets from one guy who's just trying to find information about my machine is (IMHO) something else.

    There's a difference between attacking your machine, and just port scanning it.

    Attacking isn't even a question -- I think we probably all agree that's deserved some punishment. I guess I just see a port scan as gathering intelligence about a target. In the real world, you hire a security guard to walk around your offices at night and make sure nothing's wrong (scanning your own network). But if some other guys walks in and starts checking stuff out (someone else scanning your network) you're going to be ticked.

    The simple solution is just what you said -- run a firewall. I guess I'm just speaking for more of an idealist standpoint. In an ideal world, I wouldn't need a firewall. And I wouldn't need to lock the door to my house, either. So while we're going to have to live with port scanning, I just don't see it as something that should be acceptable for folks to do to me...
  • I propose "Free as in cable" (You can hook up multiple cable ready TVs to cable splitters to get cable recption on all of the TVs, at least where I live, I no longer do it myself, but I used to). The concept being you've paid someone else for something, and you can get another copy with your own effort, but the source of the good/service doesn't want you to/doesn't want you to know that you can. It's not the same as "Free as in speech," it has nothing do with innalienable rights. Nor "Free as in beer," it's not possible to get two pitchers out of one (barring free refills). "Free as in cable" represents something where you're able to get more out of something than the provider wants you to, and the only way they can stop you is by the provider saying that you can't do it.

    This applies to the story in that you CAN port scan someone, but they may want you not to do it. You've paid for the use of an internet connection, and can do more than someone else may want you to with it. Free as in cable applies also to the analogies people have been offering of looking at someone's house through the windows. If they don't draw the curtains (or blinds), you can look inside from a distance without, but they may not want you to. You may just be admiring the new wallpaper your neighbor put in, but you may also be looking to see what the combination to the wall safe is.

    Theoretically you could bar your windows all the time, but you lose the convenience of watching a thunderstorm from inside, or letting a breeze in on a hot day. Saying that someone isn't allowed to look in through your windows to stop them only works if the that someone obeys your request. They're still free (as in cable) to look in. It's the price we pay for living.
  • Perhaps I should start charging a fee for people who come to my door. After all, I have to invest time and energy in getting off the sofa, walking to the door, opening the door and asking who it is -- instead of just letting every stranger into my house as they wish.

    Some expenses are a necessity and are the responsibitily accepted under the circumstances. People may use your restroom in your restaurant, but you can't charge for it and you can't deny access to it from the public. It is an accepted expense, whether or not it is used.
    ---
    seumas.com

  • Just because you never detected a breakin does not mean you have'nt been broken into. So you know every service open on your large network? Lets say 3000 machines? So your saying you have hand setup, configured and installed each and every machine on that network? There is no possible way that anyone could have enabled a service you dont know about? Every single machine has been patched and audited for security holes? For every version, architechture out there?

    I am amazed.
  • well, standing on the sidewalk and looking at your neighbors door isn't illegal. But this is about port scanning, not sniffing. If you were just looking at the door watching for "traffic", then you'd be running a sniffer.

    But, if you're running a port scanner, then you'd be walking up to windows and doors and tapping on them, checking to find those that were open and/or unlocked.

    Running a sniffer isn't illegal (but it's fun to watch what your neighbors on the cable modem are doing).

  • by Alex Pennace ( 27488 ) <alex@pennace.org> on Tuesday December 19, 2000 @05:43AM (#548910) Homepage

    Yeah, let me know when I can wonder around your house or apartment looking at stuff.

    More like wandering by your house and counting the number of windows it has.

  • "But, if you're running a port scanner, then you'd be walking up to windows and doors and tapping on them, checking to find those that were open and/or unlocked."

    Sometimes I think that people tend to forget the difference between an analogy and a direct parallel.

    What if you stood in your living room and watched the neighbor's place with binoculars to see if he locked the windows or doors when he went out? In Canada at least, if you're on your own property and not using 'undue means of surveillance' (i.e. IR binoculars, etc.) then this is legal.

    And yet, you're still scoping out the neighbor's place for a possible illegal action.

    Regardless, it should be pretty obvious how things should be: Legitimate use of legitimate tools should be legal and accepted. Questionable or illegal use of tools should be punished, but it's the specific behaviour that's getting censured here--not the tool or the mere use of the tool.

  • Until the burglar enters the house, surely it's just trespassing, which where I come from is a civil and not criminal offence.

  • Depends on what state you shoot in. ;)

    (If I have misremembered any of this I welcome corrections...)

    In CA, you can't shoot someone unless they are outright attacking you, even if they break into your home. You can't shoot at all in defense of a 3rd party. Wife getting stabbed? Tough. Try wrestling with the guy. If he stabs you, you can shoot him.

    In TX and AZ you can blow someone away if they present an immediate threat. In TX you can kill in defense of property, so if you catch someone stealing your car stereo you can waste him. I don't know if that is the case in AZ. In both states you can employ lethal force in defense of a 3rd party.

    In DE you can't use lethal force except as a last resort. If someone breaks into your home and threatens you, or even attacks you, you must FALL BACK, flee your home. You can't shoot unless there is no other alternative, even bad alternatives like running and getting shot in the back, or leaving your family in the house with the bad guy. (That's crazy, IMHO.)

    In WA, where I just moved, I don't know what the law is. I better find out!

    Would I shoot someone for jiggling my door handle? No. But I would be waiting there with a weapon in case he came in. Then, he'd have exactly 1 second to comply with my commands before I issued him a severe case of kinetic energy poisoning.

    If he had a ranged weapon, I'd drop him, laws be damned. Better judged by 12 than carried by 6, as they say.

    (If you are one of those people who wants to go on and on about how I am more unsafe with a gun at home, blah blah blah, please save the effort. You're not converting me.)
  • Nah, the only person who sounds unsafe (due to gun) in your house the someone who opens the door in the middle of the night.

    And you said you'd give them a second (if only one) and/or look for a gun, before shooting, so you're not the type to fire through the door because the knob jiggles.

    I'd imagine, from how you know the laws in the various areas (and those are mostly correct, as I remember them) that you're also practiced in shooting, and probably have ammo specifically selected to not penetrate walls and such.

    On a related note, but not to just you...

    Just because you're in Texas doesn't mean you can shoot someone for jiggling your doorknob at night. You don't know why they're doing it, if they're drunk and at the wrong house that's a murder charge. You might get off, if you could prove that the person was looking to break in, but there are many cases in which they aren't guilty of criminal mischief... Just banging on door (let alone jiggling) to wake people up and run away (a common teenager prank) may violate some noise bylaws, and maybe curfews, and perhaps trespassing in some cases, but there's nothing there that legally justifies a citizens arrest, let alone shooting the person.

    (If someone walks up your front walk, and doesn't open a gate (marked as to discourage them) or other barrier, it's not trespassing. It's the same way that while a parking lot is owned by a company, it's treated as a public area for the application of most laws, if it's accessible to the public more than a certain ammount of the year (and not marked as private, with no public parking...)

    This is so that your neighbor can come over and knock on your door without being guilty of trespassing.

    So, this all boils down to, if you shoot someone for jiggling your doorknob you will be tried for murder and likely convicted, regardless of which state you live in.

    But, this isn't relevant to portscans. Portscans do the minimum they can and still detect a waiting connection. It's more analogous to shining a flashlight on a doorknob, which is just enough to let you know if it exists.

    This *may* be illegal if the police link you to break and enters and can prove that this is how you look for targets, but then this is true of anything. If you open/close your venetian blinds to signal a hitman, you're guilty of conspiracy to commit murder, even though opening the blinds isn't a crime.
  • I wouldn't even take port scanning as seriously as this. I see it as being more akin to looking around in the convenience store and seeing which of the usual convenience store products they offer. Perhaps one store offers only Pepsi products while others in the same neighborhood offer Coke products as well while some others also offer beer. However, sales of beer are restricted and identification must be presented to access beer. Does this make it wrong to enter sever stores in a neighborhood and notice if or if not they offer beer for sale?
    _____________
  • by glitch_ ( 48803 ) <email@ryanrinaldi.com> on Tuesday December 19, 2000 @07:18AM (#548926) Homepage Journal
    I'm sorry, but why on gods good earth would have ports open, if you don't want people to use them. I'm sorry, but going with the doors and windows analogy, it is like having a door open, with a welcome sign on it, flashing, and then bitching when someone walks in.

  • by Shotgun ( 30919 ) on Tuesday December 19, 2000 @07:19AM (#548930)
    Port scanning a system is directly analogous to trying the locks on someones home.
    It is not free speech, it's a violation of property rights.
    You do not have the right to use anyone elses computer hardware for any purpose without permission.


    Yes, but you do have the right to walk down the street and peer into windows. You have the right to walk up to their door and even try the lock. You can even carry a crowbar while doing it if you wish. The police don't have anything against you until you enter the premises and leave with something. If you just enter and leave, they still don't have anything on you unless there were no tresspassing signs up. There are 'breaking and entering violations', but no 'entering' violations that I know of.

    If a policeman notices you acting suspiciously and want to catch you (as opposed to just stopping you), he will watch you and catch you with the good after you left the premises. Notice, that store security doesn't stop shoplifters until after they've left the store. Until they cross the threshold, they are not shoplifting. They may have the intent, but they haven't yet committed the crime.

    Servers on the public network are like window displays. You can't set up a server for everyone to see and then sue people for looking at it, just like you can't sue people for crossing your yard and looking in the window.

    Course, I did hear of one case where a man looks through a window from the street and sees a woman dressing. She sues him for being a peeping tom, and he countered sued her for public exposure. They both won...

    The contractor was in the wrong and deserved to be fired. If he had recieved permission to scan the network, it would have been another matter entirely, but acting on his own was wrong and should have been illegal.

    The man was installing a network component. Are security tests not to be included as part of a system test? If the network was later successfully attacked and it was disclosed that the installation contractor hadn't done the barest minimum security checks, wouln't he be held liable for negligence? In my view, not only were his actions ethical, they were prudent.

  • > And while you're at it, rattling all the doors
    > and windows to see if everything's locked. Oh
    > yeah - and let's not forget to check those
    > common hiding places for a spare key. You use a
    > Schlage lock? Cool - I've got a Schlage master
    > key.

    Port scanners do one thing...they scan ports. Ocasionally, with features like ident lookups and OS detection...but in essece they just scan ports and say what they can about them.

    Tool sthat actually try to exploit vulnerabilities are a whlol enother story. A PORT SCANNER just "looks". It doesn't try to actually "Open the window and crawl in" or to "pick the lock". Thats a wholly different tool. (the two can be integrated, of course - but I wouldn't call the resulting "automated cracking tool" a "port scanner" any more than I would call a leatherman "a pocket knife").

    > As you might guess, I don't like deliberate
    > portscanners. My network is MY NETWORK. It's
    > here for my convenience, not yours, and I don't
    > particularly appreciate you poking around on
    > my boxes.

    Whether or not you appreciate it, its going to happen. No amount of whining, complaining, or even legislating is going to stop it.

    All services that a person CAN connect to from the outside should be considered "public". People WILL find them, so they had better be secure.

    -Steve
  • It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    Not at all, because opening a door to a stranger's house is clearly a crime. Opening a tcp connection to a stranger's web server is something that we do thousands of times a day. If you're not running a public service, you shouldn't be on the internet, you should be behind a firewall.
  • Simple solution... If you don't want your box looked at don't put it on the "public" internet.

    Maybe I'm looking at this too simply but that's what makes sense to me.

  • > The only people who use port scanners are script kiddies and hackers.

    I used a portscanner this morning on our internal network. The problem was, we have no domain names and I had forgotten the IP of the machine i was looking for, but I know roughly which ports were open. Scanning quickly found it for me.

    Okay, this was on a private network so its an entirely different matter, but it helps illustrate my point which is this: Just because SOME people (ie, you) can't think of a legitimate use for a tool and you CAN think of a bad use, doesn't mean it is a bad tool.

    I would also add that (mainstream & non-techie) people are more likely to have heard of all the bad and evil things that can happen with these tools, and unlikely to have heard of legitimate uses. This is simply bacause legitimate use of what is after all an incredibly dull piece of software does not make interesting reading. Talk of hacking, cracking, e-fraud, espionage, etc. sells papers and increases page hits.
  • I smell a troll, but I'll humour you. If I walk up to your front door and turn the doorknob, how is that a crime?

    Whether or not the door opens is irrelevant. The only way a crime is committed is if I step through that doorway.

    Portscanning is exactly the same.

    The only difference is that in the real world, it's pretty hard to stop someone from coming back to check your doorknob every day. While, with a portscanner, it's pretty easy for a competent admin to automagically block out an IP (or ranges of them) after just one "offence".

    --

  • We're treading onto some very thin ice with this subject. I personally use port scanners all the time. But if anybody else on my network is caught using one, then I'm gonna get very suspicious.

    You are right to be suspicious, and any good admin will investigate. However, it makes perfect sense that you shouldn't be able to sue the scanner for the time you lost investigating it.

  • by Jawbox ( 113491 ) on Tuesday December 19, 2000 @06:06AM (#548948)

    That analogy works for me. It isn't against the law to look at windows, determine their type and make estimates of their security. It enables you to do things like say, "Wow those are gee-golly neat windows I should get some of those for my house." or "What an idiot, I can't believe that house only is using the XJy9 style of windows, my 10 year old could break into their house and rob them blind."

    None of this is a crime! And a homeowner that watches someone scanning their windows can't sue for damages because they suddenly realize that the security of their windows stinks either. All this ruling does is apply some real world sense to a computer security case.

    Now the earlier post about walking around inside your apartment and looking at all the cool stuff is a false analogy in my eyes. To me that is the equivalent of breaking into a system(or being invited in depending on circumstances) and scanning the filesystem.

  • by drsoran ( 979 ) on Tuesday December 19, 2000 @06:09AM (#548949)
    I don't know about the portscans you see, but the portscans I see are more analogous to someone walking up to your back door in the middle of the night and jiggling the knob to see if it's open. I personally don't care less what your intentions are in the dead of night jiggling my door handle, I'm going to shoot you first and ask questions later. Don't do it.
  • by Malc ( 1751 ) on Tuesday December 19, 2000 @06:09AM (#548950)
    My ISPs newsgroup (sympatico.highspeed) is full of people whining about hack attempts. I get the impression that this is the tip of the iceberg and that there are a lot of people living in fear, and also many more who report them to the ISP (wasting their resources). I would suggest that most of the time these are just false alarms and caused by the background noise of the internet.

    How often have you typed an IP address incorrectly? My office uses public IP addresses internally. Thie means that if the VPN isn't connected, my Netbios, Visual Source Safe, SQL Server Enterprise Manager, etc, are all attempting to make connections to machines on the internet. All harmless, but will trigger warnings from many people's firewall software.

    These companies producing this firewall software base their marketting on people's fear of the unknown, and in fact increase their fear of being hacked. Just the other day somebody was whining on the newsgroup about a connection attempt on port 7 (ping). He thought he was being hacked and wanted to know where he should report it.
  • What a breakthrough! A /. post about intelligence and Windows, yet no mention of m$ or gate$!! There's hope for us after all.
  • by Alien54 ( 180860 ) on Tuesday December 19, 2000 @05:17AM (#548954) Journal
    Just to clarify the issue slightly:
    While VC3 acknowledged that Moulton's port scan did no direct harm, the company argued that the time spent investigating the event was a form of damage. "If somebody does some type of attack, and you are a good service provider, you spend all your time verifying that it did not cause a significant problem," says Hogue. "The time that it takes to do all that searching is the damage that we were claiming."
    But it pays to know that while they lost on this particular point, harrassing someone by multiple ports scans probably is not a good idea.
  • by mellifluous ( 249700 ) on Tuesday December 19, 2000 @05:17AM (#548957)
    It doesn't seem like this will deter many companies from investigating port scans -- it just means that they can't claim damages for the scan itself. But it is a good decision, and I hope Moulton wins the counter suit against VC3.

    Admins and their managers are going to have to face up to the fact that if they want to maintain a secure system, they'll have to be vigillant and won't be able to sue everyone for their time.

  • by www.sorehands.com ( 142825 ) on Tuesday December 19, 2000 @05:17AM (#548959) Homepage
    Since this case won't be appealed, it means almost nothing.

    A trial level court decision does not mean much, except to the parties, until there is an appeals court rules on it (or denies to rule on it, sometimes).

    The issue on port scanning will come back again. It will be decided on frequency, and by whom. If you try repeated times on the same system, or using kiddie scripts it will be ruled against you.

  • Trying to connect (specifically, not just in numeric order) to a subseven port is much like actually trying a master key, or trying various root passwords. It shows specific intent to go where you aren't wanted.

    But webservers, ftp servers, telnet, are all ways that you can legitimately access a computer. Connecting, noting a logic message, and disconnecting is just a way of seeing what's out there. As long as no login attempt is made (aside from anonymous FTP) then no attempt is made to gain access to something that is intended to be private.

    There is no good physical metaphor, except maybe knocking. Wandering around looking for doors, knocking when you find them. Jiggling the handle or trying master keys is a whole different story.
  • Except from the story it appears that he didn't even know that they were on the "secure" 911 network that he was examining.
  • It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    Trying to play with analogies is bad, but this one needs to be cleared up.

    Port scanning can only tell you what ports are open. You need more tools to 'abuse' those open ports to gain access to the system, and further tools to actually damange the system.

    The analogy should be that port scanning is simply looking at a home and counting the doors and windows. "Hmm, they don't have a door in the back of the house" is equivalent to saying "they're don't have port 23 open". Attempting to connect to that port to see what exploits might be possible is comparable to checking a door on a house to see if it's unlocked. The final step, abusing that exploit, is then compariable to the 'breaking and entering' crime.

    Port Scanning should certianly not be a crime based on this analogy, but again, analogies are bad things to start with. :-)

  • by cprael ( 215426 ) on Tuesday December 19, 2000 @06:11AM (#548977)
    More like finding a house and going to take a look at it. I just want to find a little bit about it. How it was constructed. Are they using brick or stone, gravel driveway or paved, fence or no fence. Same analogy, are they using linux or bsd(or whatever), webserver or no webserver, ssh or not...

    And while you're at it, rattling all the doors and windows to see if everything's locked. Oh yeah - and let's not forget to check those common hiding places for a spare key. You use a Schlage lock? Cool - I've got a Schlage master key.

    You may think that this is stupid, but as I said in the post above, I'm just interested in what theyre running. I said in my post above that I sometimes scan on my university network. Here's two examples where port scanning has either benefited me or someone else.

    No, it isn't stupid. It's blind. You are (deliberately?) ignoring the malicious uses of portscanning, which far outweigh the useful ones simply in magnitude of effect.

    Example: In the past 11 days, I've had 30 unique machines scan my laptop (at home). Of that count, 1 was a telnet connect attempt, 5 were TCP port probes, 3 were OS fingerprints, 2 were attempts to connect to the SubSeven trojan horse, one was an attempt by a known remailer to connect to a mailserver I run on another box so he can use me as a relay point, 6 were RPC connect attempts, 1 proxy port probe, 2 PCAnywhere connect attempts, 8 people tried to connect to a non-existent FTP server, and 3 people tried to connect to a non-existent DNS server. Mostly harmless, but some real jerks in there. And that's in an 11 day window.

    As you might guess, I don't like deliberate portscanners. My network is MY NETWORK. It's here for my convenience, not yours, and I don't particularly appreciate you poking around on my boxes.

  • Port scanning a system is directly analogous to trying the locks on someones home. It is not free speech, it's a violation of property rights.

    No, that stupid tired analogy is not even close to correct. Port scanning allows you to discover what services a machine is running. It doesn't test the security of those services, it merely detects their presence. The "trying the locks" analogy would work if the scanner, having discovered that a service is running, then tried a combination of usernames and passwords to actually gain access to the system. But this guy did no such thing.

    As for the particulars in this case... This person was hired to secure his client's network. A reasonable part of that duty is to see what machines are connected to the network and see what services they are running to assess potential vulnerabilities. It's completely clear that this person did not have any hostile intent in doing this, and on the other hand he would have been seriously remiss in his duties had he NOT assessed the network for potential security breaches.
  • More like finding a house and going to take a look at it. I just want to find a little bit about it. How it was constructed. Are they using brick or stone, gravel driveway or paved, fence or no fence. Same analogy, are they using linux or bsd(or whatever), webserver or no webserver, ssh or not...

    You may think that this is stupid, but as I said in the post above, I'm just interested in what theyre running. I said in my post above that I sometimes scan on my university network. Here's two examples where port scanning has either benefited me or someone else.

    1. I portscanned the mail server here and realized that it is also running a lot of services than the ones I thought. One of these was a webserver. I connected, and learned that I can config my account via the web. Not a bad thing to know because it's all done using an encrypted session. On those times that I don't have an ssh client(such as when I'm at the library), I can still configure my count without having the whole world see it.

    2. When I first met my roommate this year, I decided to scan his computer. Little to his knowledge, someone had put netbus on his computer. I informed him(actually, by playing his computer while he was at it, it was quite funny) and then removed it.

    Case in point. Theyre are many uses of a portscanner. Not every portscan means that the next action of the scanner will be an attack. I'm sure it's a very small percentage.
  • by Flounder ( 42112 ) on Tuesday December 19, 2000 @05:19AM (#548985)
    The judge ruled that that port scanning tools neither "impair the integrity nor availability of the network."

    However, if through the use of a port scanner, a script kiddie finds a weakness in one of your web servers and proceeds to take down your network, then I think it does "impair the integrity nor availability of the network."

    It's the equivalent of a burglar checking your doors and windows looking for one that's not locked.

    I use portscanning tools all the time on my own network. However, I'll be damned if I'm gonna sit back and let some 12 year old with some software downloaded from Tucows identify every machine in my network and what ports they're using.

    Never had it happen though, that's what the firewall's for.

  • Who pays for all the time and money I waste sitting at red lights or stalled traffic on the freeway?

    --

  • by zyklone ( 8959 ) on Tuesday December 19, 2000 @05:21AM (#548990) Homepage

    Thank god that the judge did not buy the standard comp-sec firm talk that a scan is the same thing as a hack attempt.

    Over here (Sweden) there have been lots of whining lately from the security firms suggesting that all broadband users should buy their firewall to avoid the hundreds of hack attempts every day.
    Now how a badly configured firewall would help I do not know.

    To me it seems that security firms have some of the worst security of all internet sites.
    GO EEYE!
  • One problem with your argument, though I symapthise
    By your own acknowledgment you knew you were leaving these ports open and were only failing to close them due to politics. The unfortunate fact is that you should have either taken the machines off the net OR did as you did and face the consequences. You placed these machines onto the internet and in doing so placed every open port onto the internet. What this judgement correctly states is that this action provides permission for anyone to see which ports you have placed on the internet. The judgement does not say that because this port is there you are allowed to do what you want with it, to my mind someone could however have gone as far as to mount your open drive and run an ls or two (discovering that this is not in fact a port left open for anyone to usefully use)...but if they started lookin at anything let alone modifying it.....
    Again I sympathise with anyone in such a situation (and BTW I have never used a portscan except on my own computers) BUT I fail to see any proof in your counter argument....
  • well, standing on the sidewalk and looking at your neighbors door isn't illegal.
  • I'm not to familier with US law but iirc then this only means that you can sniff for free in Georgia. But this does not mean that courts in other states, the supreme courts or courts in other countries will agree on this subject.

    This could become quite interessting IMHO. So far I've seen very little 3l33t script kiddies who could also show any clue or even some knowledge of what they are doing. I could be wrong here but afaik the script kiddies are the ones scanning the most; they only need to know if a certain port is open so they can try out a program which will try to abuse the port. A real hacker would be more interessted in security flaws and bugs in software (remember the apache exploit a few months ago?).

    SO... As far as I can see; What we may expierience here are a lot of narrow minded people who start out scanning hoping to find nasty exploitable ports feeling quite safe. And when they do in another state or country this could turn out to be very nasty. I'm not saying that this will happen, but I'm sure it could happen.

  • by brokeninside ( 34168 ) on Tuesday December 19, 2000 @08:07AM (#549001)
    bugg:
    I don't know about you, but if I some guy I don't know (and didn't give permission to) walking around my house with a clipboard inspecting the windows, I'm calling the police.

    I am not a lawyer, but from what little reading of law I've done, in the US in most jurisdictions, the police problably wouldn't even come out to investigate. Only in situations where "No Trespassing" signs are clearly posted or in situations where you have personally informed an individual that you do not want them on your property would the police even care that someone was looking at your windows.

    [I suppose there would be a few other exceptional circumstance such as the property owner having some sort of injunction against the individual doing the inspection or in the case of the person doing the inspection doing it in a manner that attempts to conceal their identity.]

    Connecting a computer to the internet is really more akin to parking an automobile on a public street. It is not illegal (or even necessarily immoral) to examine such a car up close. It is, however, illegal and/or immoral to use the information obtained from such an examination in certain circumstances (such as to pick the lock or hotwire the vehicle). There are also many circumstances where the informatin comes in helpful. For example, if I see a car with he headlights left on, I will almost always check to see if the door is locked and if it isn't I will turn off the headlights. You can sue me for doing that to your car if you please, but you will lose the suit and you will be laughed out of court by virtually any judge.

    have a day,

    -l

  • and how well the windows are secured...

    Only sort of. To fully meet your analogy, the scan would have to include more than seeing if a connection is accepted. For example, test transactions to see what version of the daemon is running.

  • by BeBoxer ( 14448 ) on Tuesday December 19, 2000 @06:22AM (#549008)
    I would not consider port scanning to be like actually trying locks. It is in fact the least intrusive method possible to determine whether or not a machine is offering services to the public. In this way, it's more like walking down a street looking to see which buildings have open doors and welcome mats.

    Here's a real world example I just came across at work. Part of our address range is in use by a high school. It seems that one of their computers decided to scan for FTP ports on a whole lot of addresses. I don't know if it was a student doing it or if the machine was hacked first. But, do you think this is "a violation of property rights"? For someone to go out and ask machines on the internet if they allow anonymous FTP access?

    I agree completely that if someone is doing things which can only be viewed as a hacking attempt such as scanning for ports with commonly known vulnerabilities which are not used for public services, that's a problem. But, if someone is just looking for machines which are allowing anonymous FTP, who cares? This isn't like "trying the locks" at all.

    It seems like you have a pretty extreme view of what it means to "use" someone elses computer. Is trying to FTP to a machine something which deserves a stiff penalty? What about a ping? What if I happen to get an arp sent down your DSL line? What about when IIS tries to connect back to web clients to get name information? Is this a criminal act on the part of Microsoft to engage in illegal tresspass? Did Cable and Wireless give me implicit authorization to send packets thru their router when they connected it to the internet? Did you give me implicit authorization to send packets to your host when you connected it to the internet? Is it my responsibility to intuit that you don't want FTP sessions? Or is it your responsibility to block FTP packets if they are unwelcome?
  • by brokeninside ( 34168 ) on Tuesday December 19, 2000 @08:13AM (#549009)
    Personally, if someone jiggled my doorknob in the middle of the night, I'd ignore them unless they opened the door and came in. If they simply jiggled and walked away, at most I'd call my neighbors to keep an eye out.

    Regardless, this analogy doesn't fit portscanning. A portscan jiggles no knobs, it simply reports that a knob exists and perhaps what type of knob it is. If someone came by in the middle of the night to check my knob, I'd be a bit suspicious. Much less so if a person did such during the day. In either case their actions are not likely to be illegal.

    have a day,

    -l

  • Portscanning, the way I see it, is a form of trespassing- if I don't want you doing something with my computer, then you shouldn't be allowed to do it.

    A port scan and even an attempt to authenticate using a well known public user/pass (such as ftp/email) is more like looking at a house in a zoning area where businesses and residences are intermixed. No harm, no foul. Trying one's keys in the lock in hopes for a random match (guessing at root password) or breaking a window (exploit) would be another matter.

  • However, if through the use of a port scanner, a script kiddie finds a weakness in one of your web servers and proceeds to take down your network, then I think it does "impair the integrity nor availability of the network."

    I think the weakness itself impairs the integrity of the network, and the taking down of the network to be a crime. The use of the port scanner itself doesn't impair the network.

  • by I Am Smarter Than U ( 264860 ) on Tuesday December 19, 2000 @05:27AM (#549021)

    [root@box0r root]# nmap -S 208.47.125.33 -e eth0 -P0 -sS slashdot.org

    Beautiful...
  • The judge got it right. Congratulations.
  • Read the full brief sometime. Not only did he do portscans, there were pingfloods too (which they tried to pass off as "throughput tests")

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...