[188661] in North American Network Operators' Group
Re: how to deal with port scan and brute force attack from AS 8075 ?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Apr 11 17:06:03 2016
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAP-guGWsxBZymtG696xQt6hxJ9aqw3ZqNuNBNujWz4vsC_5e8Q@mail.gmail.com>
Date: Mon, 11 Apr 2016 14:05:18 -0700
To: William Herrin <bill@herrin.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Apr 11, 2016, at 12:12 , William Herrin <bill@herrin.us> wrote:
>=20
> On Mon, Apr 11, 2016 at 2:18 PM, Owen DeLong <owen@delong.com> wrote:
>> On Apr 7, 2016, at 07:41 , William Herrin <bill@herrin.us> wrote:
>> On Thu, Mar 31, 2016 at 5:36 AM, Bacon Zombie <baconzombie@gmail.com> =
wrote:
>>=20
>> I would ignore the portscans since there is nothing wrong with =
portscanning
>> the Internet.
>>=20
>> You might want to check with your lawyer on that. If you
>> _intentionally_ port-scan a computer located in Virginia without the
>> owner's permission (and do nothing else, just port-scan it) it's a
>> class 3 misdemeanor under 18.2-152.1, et seq. That's up to a $500 =
fine
>> for each computer you scan. By comparison, shoplifting is a class 1
>> misdemeanor while possession of a schedule V narcotic is another =
class
>> 3.
>>=20
>> I think you=E2=80=99re on shaky ground here.
>>=20
>> 18.2-152.3 reads:
>=20
> That's computer fraud. You want =C2=A7 18.2-152.4, computer trespass.
I worked forward (et. seq.) from where you started=E2=80=A6 However=E2=80=A6=
18.2-152.4 =
<http://law.justia.com/codes/virginia/2006/toc1802000/18.2-152.4.html>. =
Computer trespass; penalty.
A. It shall be unlawful for any person, with malicious intent, to:
1. Temporarily or permanently remove, halt, or otherwise disable any =
computerdata, computer programs or computer software from a computer or =
computernetwork;
2. Cause a computer to malfunction, regardless of how long the =
malfunctionpersists;
3. Alter, disable, or erase any computer data, computer programs or =
computersoftware;
4. Effect the creation or alteration of a financial instrument or of =
anelectronic transfer of funds;
5. Use a computer or computer network to cause physical injury to =
theproperty of another; or
6. Use a computer or computer network to make or cause to be made =
anunauthorized copy, in any form, including, but not limited to, any =
printed orelectronic form of computer data, computer programs or =
computer softwareresiding in, communicated by, or produced by a computer =
or computer network.
7. [Repealed.]
B. Any person who violates this section shall be guilty of computer =
trespass,which offense shall be punishable as a Class 1 misdemeanor. If =
there isdamage to the property of another valued at $1,000 or more =
caused by suchperson's act in violation of this section, the offense =
shall be punishable asa Class 6 felony.
C. Nothing in this section shall be construed to interfere with or =
prohibitterms or conditions in a contract or license related to =
computers, computerdata, computer networks, computer operations, =
computer programs, computerservices, or computer software or to create =
any liability by reason of termsor conditions adopted by, or technical =
measures implemented by, aVirginia-based electronic mail service =
provider to prevent the transmissionof unsolicited electronic mail in =
violation of this article. Nothing in thissection shall be construed to =
prohibit the monitoring of computer usage of,the otherwise lawful =
copying of data of, or the denial of computer orInternet access to a =
minor by a parent or legal guardian of the minor.
Doesn=E2=80=99t really seem to fit the bill, either.
First, I think you have a hard time proving =E2=80=9Cmalicious intent=E2=80=
=9D from just a port scan without other activity.
However, even if you do, it=E2=80=99s hard to imagine how a port scan =
would meet any of the 6 tests stated.
Care to try again?
Owen
