http://www.securityfocus.com/templates/article.html?id=126 A quick quote from the article: A tiff between two IT contractors that spiraled into federal court ended last month with a U.S. district court ruling in Georgia that port scanning a network does not damage it, under a section of the anti-hacking laws that allows victims of cyber attack to sue an attacker. Last week both sides agreed not to appeal the decision by judge Thomas Thrash, who found that the value of time spent investigating a port scan can not be considered damage. "The statute clearly states that the damage must be an impairment to the integrity and availability of the network," wrote the judge, who found that a port scan impaired neither. This may have ramifications for both security professionals and abuse desk personnel; this ruling would seem to make it clear that you cannot claim time spent investigating abuse issues as damage. The complete finding is here: http://pub.bna.com/eclr/00434.htm Any armchair lawyers on the list want to take a crack at this? -- Edward S. Marshall <emarshal@logic.net> http://www.nyx.net/~emarshal/ ------------------------------------------------------------------------------- [ Felix qui potuit rerum cognoscere causas. ]