Isn't that just sweet... So in a nutshell it is *not* illegal for kiddies to port scan a network looking for vulnerabilities. It would seem to me that such scans would impair the integrity of ones networks, or am I just smoking crack? Jeff CETLink.Net
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Edward S. Marshall Sent: Tuesday, December 19, 2000 10:43 AM To: nanog@merit.edu Subject: Port scanning legal
http://www.securityfocus.com/templates/article.html?id=126
A quick quote from the article:
A tiff between two IT contractors that spiraled into federal court ended last month with a U.S. district court ruling in Georgia that port scanning a network does not damage it, under a section of the anti-hacking laws that allows victims of cyber attack to sue an attacker.
Last week both sides agreed not to appeal the decision by judge Thomas Thrash, who found that the value of time spent investigating a port scan can not be considered damage. "The statute clearly states that the damage must be an impairment to the integrity and availability of the network," wrote the judge, who found that a port scan impaired neither.
This may have ramifications for both security professionals and abuse desk personnel; this ruling would seem to make it clear that you cannot claim time spent investigating abuse issues as damage. The complete finding is here:
http://pub.bna.com/eclr/00434.htm
Any armchair lawyers on the list want to take a crack at this?
-- Edward S. Marshall <emarshal@logic.net> http://www.nyx.net/~emarshal/ ------------------------------------------------------------------ ------------- [ Felix qui potuit rerum cognoscere causas. ]