[188650] in North American Network Operators' Group
Re: how to deal with port scan and brute force attack from AS 8075 ?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Apr 11 14:21:02 2016
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAP-guGWLrfEpSPiTA+EVqvdsfc_M5pLoY6+gAW5XEFFkDf3rVA@mail.gmail.com>
Date: Mon, 11 Apr 2016 11:18:43 -0700
To: William Herrin <bill@herrin.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> On Apr 7, 2016, at 07:41 , William Herrin <bill@herrin.us> wrote:
>
> On Thu, Mar 31, 2016 at 5:36 AM, Bacon Zombie <baconzombie@gmail.com> wrote:
>> I would ignore the portscans since there is nothing wrong with portscanning
>> the Internet.
>
> You might want to check with your lawyer on that. If you
> _intentionally_ port-scan a computer located in Virginia without the
> owner's permission (and do nothing else, just port-scan it) it's a
> class 3 misdemeanor under 18.2-152.1, et seq. That's up to a $500 fine
> for each computer you scan. By comparison, shoplifting is a class 1
> misdemeanor while possession of a schedule V narcotic is another class
> 3.
I think you’re on shaky ground here.
18.2-152.3 reads:
Any person who uses a computer or computer network, without authority and:
1. Obtains property or services by false pretenses;
2. Embezzles or commits larceny; or
3. Converts the property of another;
is guilty of the crime of computer fraud.
If the value of the property or services obtained is $200 or more, the crime of computer fraud shall be punishable as a Class 5 felony. Where the value of the property or services obtained is less than $200, the crime of computer fraud shall be punishable as a Class 1 misdemeanor.
The requirements here are to meet at least one of the 3 tests listed.
I think it’s rather hard to claim that a portscan by itself “obtained property or services by false pretenses”.
I think it’s even harder to claim that it constitutes “embezzling” or “larceny”.
I also think you’d have a tough time arguing that eliciting a response packet to one or more packets actually constitutes conversion of property.
So I don’t see how you’d make much of a case for a port-scan being a violation of 18.2-152.1 et. seq.
I think the argument, rather easily, could be made that a port-scan is the internet equivalent of a door-knock. By itself, it doesn’t constitute unlawful entry. Now, a persistent door-knock might constitute some form of harassment and frequent or continuous port-scans could be argued to be a form of denial of service (which would constitute conversion), but the odd port-scan is unlikely to meet the tests under the law you cited.
> A key word here is "intentionally." Poking at it by mistake (e.g. you
> thought it was a different computer which you had the authority to
> scan) is not a crime. Nor, most likely, is less aggressive behavior
> which would not ordinarily be part of gaining unauthorized access,
> such as pinging or tracerouting.
I could be wrong, IANAL, but I’d be surprised if a mere portscan would actually be treated as a violation for the reasons cited above.
> Not that I've ever heard of someone being fined but you're definitely
> in to "something wrong" territory.
I don’t think you’ve made your case for “definite” so far. I agree you might be at risk from an overzealous prosecutor and an activist judge that hates hackers for some reason, but short of that, I think you’re unlikely to run afoul of this statute just on a port scan.
Owen