[32949] in North American Network Operators' Group
RE: Port scanning legal
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Tue Dec 19 14:22:10 2000
Message-ID: <9DC8BBAD4FF100408FC7D18D1F0922869B78@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Shawn McMahon' <smcmahon@eiv.com>, nanog@merit.edu
Date: Tue, 19 Dec 2000 11:15:17 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
ping!
> -----Original Message-----
> From: Shawn McMahon [mailto:smcmahon@eiv.com]
> Sent: Tuesday, December 19, 2000 10:58 AM
> To: nanog@merit.edu
> Subject: Re: Port scanning legal
>
>
> On Tue, Dec 19, 2000 at 11:59:23AM -0500, John Fraizer wrote:
> >
> > Had he likened portscanning someones network to walking
> into their back
> > yard with a ladder, climbing up to the second floor and
> checking for open
> > windows, perhaps the court would have found differently.
>
> I'm sure they would, but it's a deeply flawed analogy.
>
> How many ports must be scanned before you deem it an attack?
> Is one port
> enough? Five? 50?
>
> If you pick a number here, is that arbitrary, or do you have a valid
> logical (and legally-supportable) reason for the number?
>
> If one port is sufficient, then the act of typing an IP address into a
> web browser to see if there's a web server listening is a crime.
>
>
