On 10/16/12, Darius Jahandarie <djahandarie@gmail.com> wrote:
On Tue, Oct 16, 2012 at 12:57 AM, Scott Weeks <surfer@mauigateway.com> wrote: I always thought it wasn't allowed because of 18 USC ยง 2701, but IINAL, would be happy to hear otherwise :). 18 USC 2701 is not necessarily the only consideration.
I would rather say that there might be a risk of criminal and civil liability, for all entities intentionally participating in, assisting as accomplices in, or facilitating as service provider, software provider, providers of information or operating instructions, etc, for, anyone conducting or intentionally assisting an unauthorized port scan of a different ISP's address space, that varies with jurisdiction, and you should consult your counsel, to determine if any precautions are appropriate to manage the risk, such as obtaining proper Letters of authorization from IP address assignees in advance, or if the responsible entity determines that you must abstain from the activity entirely, because the risk level is too high. By definition a reputable service, will not have a policy that you may execute internet-wide port scans of arbitrary ports that include IP networks/addresses that are not either assigned to you, your ISP customer, or that you have specific written permission to scan, as they will want to manage the risks to themselves properly as well. Port scans are strongly associated with malicious activity. And there are other risks of adverse actions, besides legal ones, such as the service provider's address space becoming widely blacklisted or becoming depeered. Before a network service provider offers any kind of service that permits the SPs' services to be used for arbitrary port scans of other remote networks, they are likely to have taken steps to protect themselves, by setting some terms of use and policy restrictions on what conditions and parameters must be met, before a scan is allowed.
Darius Jahandarie -- -JH