So you're argument is that port scanning is considered permissable use?
Thats what this really comes down to. The analogy of ringing a doorbell is
inaccurate. To use your example, connecting for email is exactly the same as
port scanning. Therefore, port scanning is making use of a website. And
clearly, it should not be considered permissable use.
My opinion? It probably shouldn't be illegal. But there is virtually no
valid reason a scan should be performed on most sites. The motivation is
usually looking for a way in. As such, it should be responded to by the
administrator. Scanning may not be against the law, but it's also not
against the law for an administrator to call the ISP in question, and apply
heat to get the account cancelled.
-----Original Message-----
From: Derek Martin <[EMAIL PROTECTED]>
To: Dave Gillett <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, July 22, 1999 9:09 PM
Subject: Re: trial & charges
>On Thu, 22 Jul 1999, Dave Gillett wrote:
>
>> On 21 Jul 99, at 18:04, Matthew G . Harrigan wrote:
>>
>> > Last I checked, utilizing things such as port scanners, tcp
fingerprinting
>> > tools, and the like are not illegal, because there is no way to
>> > disseminate legitimate system administration techniques (you'll notice
that
>> > enterprise network management packages which do network discovery
utilize
>> > all of the above.) from actual penetration attempts, unless the
activity
>> > yields someone actually gaining user level access to a said networked
>> > device. I would find it hard to believe that someone could be
prosecuted
>> > based on something like an nmap scan.
>>
>> This is like saying that car theft can't be illegal because it would
>> prevent anyone from ever driving! [Clue: It becomes criminal when you
don't
>> have the owner's permission....]
>
>Did you obtain the permission to send mail to this mailing list from the
>owner of the machine and network that it resides on? NO? YOU MUST BE
>BREAKING THE LAW by sending your mail then... by your definition.
>
>Internet servers are, by nature, somewhat public. This is the problem.
>How do you define what's permissible and what isn't? The physical act of
>connecting to an e-mail server is THE EXACT SAME as doing a port scan.
>Except that you did it to a whole bunch of different ports. It's like
>ringing the doorbell at the front door of someone's house, then going
>around to the side door and ringing that one too.
>
>
>Derek D. Martin | UNIX System Administrator
>[EMAIL PROTECTED] | [EMAIL PROTECTED]
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
