[32933] in North American Network Operators' Group
Port scanning legal
daemon@ATHENA.MIT.EDU (Edward S. Marshall)
Tue Dec 19 10:49:25 2000
Date: Tue, 19 Dec 2000 09:42:55 -0600 (CST)
From: "Edward S. Marshall" <emarshal@logic.net>
To: <nanog@merit.edu>
Message-ID: <Pine.LNX.4.30.0012190930530.27364-100000@labyrinth.local>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
http://www.securityfocus.com/templates/article.html?id=126
A quick quote from the article:
A tiff between two IT contractors that spiraled into federal court
ended last month with a U.S. district court ruling in Georgia that
port scanning a network does not damage it, under a section of the
anti-hacking laws that allows victims of cyber attack to sue an
attacker.
Last week both sides agreed not to appeal the decision by judge Thomas
Thrash, who found that the value of time spent investigating a port
scan can not be considered damage. "The statute clearly states that
the damage must be an impairment to the integrity and availability of
the network," wrote the judge, who found that a port scan impaired
neither.
This may have ramifications for both security professionals and abuse desk
personnel; this ruling would seem to make it clear that you cannot claim
time spent investigating abuse issues as damage. The complete finding is
here:
http://pub.bna.com/eclr/00434.htm
Any armchair lawyers on the list want to take a crack at this?
--
Edward S. Marshall <emarshal@logic.net> http://www.nyx.net/~emarshal/
-------------------------------------------------------------------------------
[ Felix qui potuit rerum cognoscere causas. ]
