On Tue, 20 Jul 1999, Frank Knobbe wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > -----Original Message-----
> > From: Kent Hundley [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 20, 1999 2:58 PM
> > To: Ryan Russell
> > Cc: Dave Gillett; firewalls
> > Subject: Re: Response to hack attempt?
> >
> [...]
> > If it _were_ against the law to perform a port scan, it would not
> matter whether the intent was to check for
> > vulnerabilities for an actual break in or if it were just someone
> playing with a new scanning tool. It's the same as
> > someone stealing a car to sell it and someone stealing a car to
> joyride. Both are covered by existing statutes, but the
> > question of intent may make the penalties worse for one.
>
> ...yet still, both are illegal. Port scanning has been ruled illegal
> (without proper authorization) in ... where the hell was that, Sweden?
> Norway? Somewhere in that area. I just wish it would apply here as
> well.
Well, it feels like I might step in here. Correct! Port scanning is
illegal in Sweden.
Even if it's illegal, I don't think that the Swedish court will sentence
anyone for a post scan. But it is as good warning signal. What I do know
is that even triyng to use telnet to a machine and hit enter twice, is in
fact a crime.
This is not only in Sweden.
In Hungary, a server showed log about an intent to break in. The person
had typed root, and a password he got from IRC. Script kids, as he was,
don't really know what they do, so he had misspelled the password and
didn't get any access.
But the kid, living in Sweden, got in big trouble. The rest is just court
history, not worth talking about here.
Another sad thing is this:
A company, having i Linux based firewall, getting lots of hacking attemts.
( the company is in Sweden ), both via telnet, ssh, webhack, ftp hack and
simple port scans. Reports every singel attemt to the ISP involved ( at
least 10 diffrent ISPs, from al over the world). Notting happens!!! Then
one simple telnet session is from another part of Sweden, the ISP is told
about it, and BAM!!! The account is closed. The ISP calls the company
being abused, and the work it out. The kid using the telnet says where he
got the ipadress from, why he did it and so on. The abused company is
satisfied, and the ISP account is open again. It took 15 min, and the kid
will never try anything like that again.
There are different laws in different parts of the world!!!
Having this thread only shows that we are all kids in a park. Trying to
scream loud, making sure everybody sees us. Saying, It's like this for me
and you should listen! I am right, you are wrong!
How smart is that?
Instead, accept the fact that laws differ, and use them as well as you
can. There are always more then one way to catch a rabbit, meaning, If
post scan is illegal in the place you're in. Report it to all parties
involved, and if you get a port scan from somebody in Sweden, report that
scaning is illegal there.
Since I've started to work with the company I talked about above, the
hacking attemts has decreased with 87%. The only real thing I have done is
adding a few lines in their report mail, saying that if the attemts
doesn't stop we will take legal action in Sweden. This is often enough to
make the ISP put some effort in trying to find the kid. Then when the kid
knows that he has been seen, ... let's say that he dosen't think that it's
the same fun anymore.
>
> Because basically, a port scan is an access. If you scan a port, say
> 25, you will invoke a response, say a mail server greeting. That alone
> could be construed unauthorized access (if you did not send mail).
>
> > The point remains, scanning is not illegal, so the question of
> intent is irrelevant from a legal perspective.
>
> Unfortunately correct afaik. However, if you step just a tad over a
> scan, say you found telnet open on a router, and you telnet into that
> port. You tried 'admin', it fails, and you move on; this access was
> unauthorized, and could and should be illegal. But where is the line
> drawn? Are you committing a crime by a) scanning, b) unauthorized
> access attempt, c) successful, non-destructive (i.e. show ip route),
> unauthorized access, or d) destructive, unauthorized access (i.e.
> reboot router)?
>
> Over time and lawsuits, this will all fall in place. I suggest we
> assume that from a) on it's illegal, and from c) on you should take
> legal actions.
>
> Regards,
> Frank
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.0.2
> Comment: PGP or S/MIME (X.509) encrypted email preferred
>
> iQA/AwUBN5VBwSlma9DCzQQeEQJDAwCeOeaDcDOOdzVzzFYeGOUkOq/03SsAoKUb
> ouZ2W15D5hFvJ6Q/dWqENUUh
> =1Uyn
> -----END PGP SIGNATURE-----
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
And as usual,
don't mix my opinion with my companys.
\\Lars Kronf�lt
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
