[188652] in North American Network Operators' Group
Re: how to deal with port scan and brute force attack from AS 8075 ?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Apr 11 14:31:20 2016
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <35AD5EAD-F2B9-4F9D-8218-646258640320@delong.com>
Date: Mon, 11 Apr 2016 14:31:15 -0400
To: Owen DeLong <owen@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Apr 11, 2016, at 2:18 PM, Owen DeLong <owen@delong.com> wrote:
>=20
> I could be wrong, IANAL, but I=E2=80=99d be surprised if a mere =
portscan would actually be treated as a violation for the reasons cited =
above.
>=20
>> Not that I've ever heard of someone being fined but you're definitely
>> in to "something wrong" territory.
>=20
> I don=E2=80=99t think you=E2=80=99ve made your case for =E2=80=9Cdefinit=
e=E2=80=9D so far. I agree you might be at risk from an overzealous =
prosecutor and an activist judge that hates hackers for some reason, but =
short of that, I think you=E2=80=99re unlikely to run afoul of this =
statute just on a port scan.
>=20
my experience in talking to the DoJ in the US is this is not going to =
illicit any sort of a response.
I will say that the number of people who =E2=80=9Cset up a tool=E2=80=9D =
to watch for activity then claim things like a DNS packet or backscatter =
from DDoS represent a log-on attempt generates the most amusing email to =
read.
- Jared=
