[32934] in North American Network Operators' Group
RE: Port scanning legal
daemon@ATHENA.MIT.EDU (Mark Borchers)
Tue Dec 19 11:06:20 2000
Message-ID: <CA47B6D616C0D211B92E0008C7C5657C08528907@hscmpxsrvcl01>
From: Mark Borchers <mborchers@splitrock.net>
To: nanog@merit.edu
Date: Tue, 19 Dec 2000 10:04:14 -0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
The gray area of port-scanning legality came up at Usenix's
conference earlier this month. I believe the consensus was
that you are on firmer ground when organizations who own
machines that attackers might perform port scans FROM
have AUP's that prohibit such activity. Nothing in this
court case would seem to prevent an organization from
disciplining individuals for using a system for an
administratively prohibited purpose.
> -----Original Message-----
> From: Edward S. Marshall [mailto:emarshal@logic.net]
> Sent: Tuesday, December 19, 2000 9:43 AM
> To: nanog@merit.edu
> Subject: Port scanning legal
>
>
> http://www.securityfocus.com/templates/article.html?id=126
>
> A quick quote from the article:
>
> A tiff between two IT contractors that spiraled into federal court
> ended last month with a U.S. district court ruling in Georgia that
> port scanning a network does not damage it, under a section of the
> anti-hacking laws that allows victims of cyber attack to sue an
> attacker.
