On Tue, 19 Dec 2000 11:05:40 EST, Jeff Wheat <jeff@cetlink.net> said:
Isn't that just sweet... So in a nutshell it is *not* illegal for kiddies to port scan a network looking for vulnerabilities. It would seem to me that such scans would impair the integrity of ones networks, or am I just smoking crack?
1) It's only binding on the one US Circuit Court district. 2) It's narrowly written to only prohibit counting the time spent investigating a port scan as "damages". So if you're billable for $200/hour, and spend 1 hour checking the portscan and 10 hours fixing the hack-in they found, if you're computing damages for civil or criminal action, it's only $2,000, not $2,200. 3) Let's not forget that a *scan* only actually impairs the integrity of a network that hasn't been secured against scanning. You'll never have somebody walk up to you and say "Hey, your front door is unlocked" if you always lock your front door. The problem starts when somebody takes the information gathered from the scan and actually uses an exploit. And case law seems to be pretty clear in most jurisdictions that have computer crime laws - using an exploit is a no-no. And no, please don't go scanning our nets to find stuff for us - we're quite aware of exactly what shape our 2 /16's are in. ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech