Here is some points I that have come to my mind reading this thread:
1. At least the finnish law speaks of ATTEMPTED computer break in, it
does not mention any specific techniques, like port scanning. The
qustion the court might need to answer is, if it is probable that a
break-in was attempted. This is not only about the intension of the
attacker, but also about if the person could normally be expected to act
as he did. eg people do not normally walk down the street trying car
doors to see if they are locked. Or a person can normally expected to
hit TCP port 80 of a web server, not trying every port she thinks worth
wile.
2. Dave Gillett suggested that "the publication of subscription info may
be s construed as authorization to
attempt to subscribe, and the acceptance of a subscription as
authorization
to post." In legal terms this means the subscriber and the list
maintainer have entered a contract giving right to a spesific use of the
computing facities: I hope I am not in violation of my contract by being
off topic;)
3. I never thought of it like this before, but now that you mention it,
It might be "against the law for an administrator to call the ISP in
question, and apply heat to get the account cancelled." It might be
construed as taking the law in your own hands or illegal threat, if you
men by "applying heat" burning down the IPS facilities if they don't
cancell the account.
Sakari Myllym�ki
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, July 23, 1999 5:10 AM
> To: Derek Martin; Dave Gillett
> Cc: [EMAIL PROTECTED]
> Subject: Re: trial & charges
>
> So you're argument is that port scanning is considered permissable
> use?
> Thats what this really comes down to. The analogy of ringing a
> doorbell is
> inaccurate. To use your example, connecting for email is exactly the
> same as
> port scanning. Therefore, port scanning is making use of a website.
> And
> clearly, it should not be considered permissable use.
>
> My opinion? It probably shouldn't be illegal. But there is virtually
> no
> valid reason a scan should be performed on most sites. The motivation
> is
> usually looking for a way in. As such, it should be responded to by
> the
> administrator. Scanning may not be against the law, but it's also not
> against the law for an administrator to call the ISP in question, and
> apply
> heat to get the account cancelled.
>
> -----Original Message-----
> From: Derek Martin <[EMAIL PROTECTED]>
> To: Dave Gillett <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Thursday, July 22, 1999 9:09 PM
> Subject: Re: trial & charges
>
>
> >On Thu, 22 Jul 1999, Dave Gillett wrote:
> >
> >> On 21 Jul 99, at 18:04, Matthew G . Harrigan wrote:
> >>
> >> > Last I checked, utilizing things such as port scanners, tcp
> fingerprinting
> >> > tools, and the like are not illegal, because there is no way to
> >> > disseminate legitimate system administration techniques (you'll
> notice
> that
> >> > enterprise network management packages which do network discovery
> utilize
> >> > all of the above.) from actual penetration attempts, unless the
> activity
> >> > yields someone actually gaining user level access to a said
> networked
> >> > device. I would find it hard to believe that someone could be
> prosecuted
> >> > based on something like an nmap scan.
> >>
> >> This is like saying that car theft can't be illegal because it
> would
> >> prevent anyone from ever driving! [Clue: It becomes criminal when
> you
> don't
> >> have the owner's permission....]
> >
> >Did you obtain the permission to send mail to this mailing list from
> the
> >owner of the machine and network that it resides on? NO? YOU MUST
> BE
> >BREAKING THE LAW by sending your mail then... by your definition.
> >
> >Internet servers are, by nature, somewhat public. This is the
> problem.
> >How do you define what's permissible and what isn't? The physical
> act of
> >connecting to an e-mail server is THE EXACT SAME as doing a port
> scan.
> >Except that you did it to a whole bunch of different ports. It's
> like
> >ringing the doorbell at the front door of someone's house, then going
> >around to the side door and ringing that one too.
> >
> >
> >Derek D. Martin | UNIX System Administrator
> >[EMAIL PROTECTED] | [EMAIL PROTECTED]
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
