Eric,
> Reading the Texas Penal Code, Chapter 33, Computer Crimes,
> makes me think that port scanning is probably considered a
> Class B Misdemeanor in Texas.
>
> Section 33.01 defines "Access" as:
> (1) "Access" means to approach, instruct, communicate with,
> store data in, retrieve or intercept data from, alter data or
> computer software in, or otherwise make use of any resource
> of a computer, computer network, computer program, or computer
> system.
>
> Under this definition, a port scan is certainly an "access" of
> a computer.
>
> Then, in section 33.02, Breach of Computer Security, we find that
>
> (a) A person commits an offense if the person knowingly accesses
> a computer, computer network, or computer system without the
> effective consent of the owner.
>
> Thus, if a port scan is an "access" of a computer, the person
> performing the port scan is committing an offense.
>
> Continuing on with the penalties:
>
> (b) An offense under this section is a Class B misdemeanor
> unless in committing the offense the actor knowingly obtains a
> benefit, defrauds or harms another, or alters, damages, or
> deletes property, in which event the offense is:
>
> (1) a Class A misdemeanor if the aggregate amount involved
> is less than $1,500;
>
> (2) a state jail felony if:
>
> (A) the aggregate amount involved is $1,500 or more but
> less than $20,000; or
>
> (B) the aggregate amount involved is less than $1,500
> and the defendant has been previously convicted two
> or more times of an offense under this chapter;
>
> (3) a felony of the third degree if the aggregate amount
> involved is $20,000 or more but less than $100,000;
>
> (4) a felony of the second degree if the aggregate amount
> involved is $100,000 or more but less than $200,000; or
>
> (5) a felony of the first degree if the aggregate amount
> involved is $200,000 or more.
>
> Thus, in a simple port scan with no subsequent break-in, the
> scanner is guilty of a Class B misdemeanor (see section 12.03
> for classification of misdemeanors).
I think the issue here is not the definition of access, but the phrase,
"without the effective consent of the owner.". If you are connected to
the Internet, then you "effectively", give consent to be "accessed" for
lawful purposes. Now the issue become "lawful purposes". By what I've
read in the Texas penal code, as it pertains to port scanning, only a
denial of service would be considered unlawful. Port scans do not alter
or destroy data so that's not an issue. If your port scan caused someone
to not access something that they should be able to, this would be a class
B misdemeanor. Of course, proving that the port scan actually did cause
the client to not access a service would be interesting to say the least.
I think any case like this would not be successful unless either the judge
or too many members of the jury did not understand how port scanning works.
To say that some 64000 odd synchronous packets sent to the destination
host, with another 64000 odd packets going back to the source would cause
a network blockage or cause the TCP/IP connections array to overflow or
fill up to the point of congestion would be difficult. Of course, if the
destination host's TCP/IP stack was misconfigured in the kernel, this could
happen. But then who's really at fault, the port scanner or the systems
administration staff at the destination host. Hummmmm . . . .
Anyway, that's my interpretation.
Paul
---------------------------------------------------------------------------
Paul B. Brown [EMAIL PROTECTED]
President
Brown Technologies Network, Inc. http://www.btechnet.com/
Systems and Applications Design, Development, Deployment, and Maintenance
---------------------------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
