ping!
-----Original Message----- From: Shawn McMahon [mailto:smcmahon@eiv.com] Sent: Tuesday, December 19, 2000 10:58 AM To: nanog@merit.edu Subject: Re: Port scanning legal
On Tue, Dec 19, 2000 at 11:59:23AM -0500, John Fraizer wrote:
Had he likened portscanning someones network to walking
into their back
yard with a ladder, climbing up to the second floor and checking for open windows, perhaps the court would have found differently.
I'm sure they would, but it's a deeply flawed analogy.
How many ports must be scanned before you deem it an attack? Is one port enough? Five? 50?
If you pick a number here, is that arbitrary, or do you have a valid logical (and legally-supportable) reason for the number?
If one port is sufficient, then the act of typing an IP address into a web browser to see if there's a web server listening is a crime.
On Tue, Dec 19, 2000 at 11:15:17AM -0800, Roeland Meyer wrote:
ping!
That, too. Better lock me up; I can't count the number of times I've nmap-ed somebody just to find out what OS they were using, either for personal curiosity, or as part of an argument.
On Tue, 19 Dec 2000, Shawn McMahon wrote:
Better lock me up; I can't count the number of times I've nmap-ed somebody just to find out what OS they were using, either for personal curiosity, or as part of an argument.
Cool. Since you're obviously in the right, how about scanning some U.S. military networks and letting us all know what OS they are using? If you like, I'll start an argument with you so you have the justification you need to portscan. -Dan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 19 Dec 2000, Dan Hollis wrote:
On Tue, 19 Dec 2000, Shawn McMahon wrote:
Better lock me up; I can't count the number of times I've nmap-ed somebody just to find out what OS they were using, either for personal curiosity, or as part of an argument.
Cool. Since you're obviously in the right, how about scanning some U.S. military networks and letting us all know what OS they are using?
I have tcpwrappers set to trigger a portscan after certain actions... and I have inadvertently scanned a section of the navy.mil network because of this. (They're running raptor... what a surprise.) I was not approached by any men in black after this happened. I suspect the US Military is well accustomed to having its networks scanned. - --Len. __ L. Sassaman Security Architect | "The world's gone crazy, Technology Consultant | and it makes no sense..." | http://sion.quickie.net | --Sting -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE6QB2QPYrxsgmsCmoRAlGNAKC+UfoTVzbYIPps4FqLORbendxPiwCgtmb9 dLMYIcGlJHUvfq3iGepfKbQ= =GeE9 -----END PGP SIGNATURE-----
On Tue, Dec 19, 2000 at 06:46:32PM -0800, L. Sassaman wrote:
I have tcpwrappers set to trigger a portscan after certain actions... and I have inadvertently scanned a section of the navy.mil network because of this. (They're running raptor... what a surprise.)
I was not approached by any men in black after this happened. I suspect the US Military is well accustomed to having its networks scanned.
Speaking for myself, I was doing a routine sweep of one of my (now former) employer's netblocks, and typoed one of the quads in a /19 -- inadvertantly nmapping a navy.mil block, which I did not realize until I looked at the output file created. I made a note of it, expecting at the very least an email about it. Nothing at all happened. As Len has noted, this is a fairly common occurance for anyone on the internet, particularly the US military, and is not going to raise many eyebrows. I think a good part of the reason that portscanning remains legal is situations like these -- it is very hard (or involves a large amount of alcohol) to try and open someone else's car or home door. It is not very hard to inadvertantly nmap or ping the wrong address. Given that, can we please stop bickering over it? --msa
participants (5)
-
Dan Hollis
-
L. Sassaman
-
Majdi S. Abbas
-
Roeland Meyer
-
Shawn McMahon