
Law Review Article Says Port Scanning Illegal

Anonymous Coward writes: "The Journal of Technology Law and Policy has a good article on computer security and privacy. If you ignore the more metaphorical crap at the beginning of the article, the author marches through some laws that apply to the Internet and shows how they apply and why his way of deciding what kind of access to a computer breaks the law and what kinds don't is better. (It's based on property and expectations of privacy.) It's interesting to see the computer security from a lawyer's point of view. Especially interesting are his claims that using nmap is illegal, despite the VC3 v. Moulton case. I'm not sure I agree with him, but he definitely makes a pretty sobering case." Actually, I think the metaphors throughout this piece (not just at the beginning) are what make it interesting, and a big component of law is dealing with metaphors. This piece also collects in one place a lot of the cases dealing with computer law.
  • This is similar in attitude to the "admins that don't patch their systems deserve to get cr/hacked"


    What are the IP addresses of the machines you admin? I'd like to see if you patch them.


    - A.P. (I have no sympathy for admins who don't patch their machines and people who don't make backups.)

    --
    Forget Napster. Why not really break the law?

  • The faster they look, the more they can see. But a thief who smashes a store window, grabs what he can and walks away, is just as guilty as the thief that does a smash and grab, then runs.
    Poor analogy. What is nmap stealing when it performs connection attempts? What is it smashing?

    - A.P.

    --
    Forget Napster. Why not really break the law?

  • No no- the article _defuses_ that thinking. Currently the wall builder is always right. The article raises the issue of where such walls may be built- and a person's own computer may reasonably be considered their private property- and an inappropriate place for building!

    This is a big change from how things work now.

    I have no problem with companies' own servers being very forcefully protected, or with extreme limits being placed on what I can do to or with THEIR computers- if the SAME LIMITS apply to what they can do with mine! This has often been a concern of mine. I see my hard disks as private property, and just because I run a program does not mean my expectation is to allow the software to run completely amok and cause problems while 'protecting' itself. That would be like saying if you let someone into your house, they are allowed to steal or wreck everything you own. Hey, you let 'em in!

    The real world is more complicated than that. And I'm delighted to see the real world beginning to enter into software issues too.

  • Here's a counterexample.

    Do you want to be able to say "Trust me" to the RIAA, MPAA etc ad nauseam when they want to get permission to log onto your computer and scan it for copyrighted material? Do you want an ironclad legal defense stating that they have no business snooping around your property? Do you want to be able to run software they might be involved with, and not risk the possibility that they will use it as a trojan to hunt down copyrighted material and delete it or report you to the police?

    Do you want to be able to say "Trust me" and be certain that if they then try to spy on you, infiltrate your system, or destroy your data, that THEY will be the criminals in that case?

    Or would you like them to be able to do all this and then turn you over to the authorities if they find anything they think is incriminating?

    Our 'cyberspace property rights' are way weaker than physical property rights. Having this change is not necessarily a bad thing.

  • Bah. *waves paw*

    The justice system of the United States Of America already disagrees with you on the last bit. Just because said system also permits appeals doesn't change that. And selling bare machines is _strongly_ discouraged- by Microsoft. You may not want to know what they can do to you if you persist in doing so.

    I knew perfectly well I was pushing it with my first example, hence the 'or more plausibly'. It's pretty unlikely that they will ever not be allowed to cease supporting stuff. It is, however, possible that they will not be allowed to gratuitously break stuff that used to work- and this is precisely what they are in the process of doing.

    Astroturf much? ;)

  • You're still talking about lobbyists and corruption. We already _have_ those. I'm talking about justice, and I know it seems like a strange, strange idea but I think justice exists. This sort of thing opens up areas that _can_ be used to also argue for the existence of digital private property. I'm saying that given that capacity they _will_ be used- that lawyers of all persuasions will hammer out a notion of digital property that seems consistent. If it's not, it's just asking for some case law to be piled onto it to knock the inconsistency out of it.

    It's a bit of a red flag for me simply that you use the term 'the free market' twice. Sounds like a libertarian perspective, and you're not necessarily going to see it backed by the courts. It's pretty well accepted that limitations on this consumer ability to examine are expected- that the legal system tries to strike a balance between the wish of a seller to con the buyer, and the wish of a buyer to 'make a rational choice' (HA!).

    By the same token, it's pretty well accepted that 'consumers' can't even voluntarily waive their rights completely- if you say "here's three cents off, and if it kills you we're not liable!" it won't stand up in court if the thing does kill somebody, because people don't go around making rational decisions all the time. For this reason, post-sale control of goods and services has an uphill battle if it wants to get to where the copyright lobby wants it- and in fact book publishers have already lost this battle, which is why there's case law on first sale rights.

    The only thing that _can_ affect corporate entities is law and terrorism. But law _does_ affect corporate entities. You're personalising them and that's a mistake. If law says they've gotta do something, they may weasel but it's really not in the interests of the shareholders for them to try to overthrow the law itself- bad PR, poor chances, not a win. It's the legacy of Microsoft that's confused you about this, because Microsoft is an insane corporation and would _much_ rather overthrow law and justice than please the stockholders. MS has control issues. You can't generalise that to all corporations.

  • by Chris Johnson ( 580 ) on Sunday June 10, 2001 @02:40PM (#161842) Homepage Journal
    "Technical measures implemented by the computer owner protect and control his property, while technical measures implemented by copyright owners provide control over their work at the expense of the computer owner."

    This is a _good_ article. Law and justice that doesn't have two sides is no law at all... this article goes a long way towards presenting a concept of digital property rights that is _local_.

    There is a lot of money and power behind content creators, copyright holders etc. saying "we own this, it is OUR property, therefore we get to scan your computer, send back information to the mothership, and if you are a criminal we get to delete stolen goods off your hard drive, you pirate you! You miscreant!"

    The thing is, _law_ sees this and comes back with "If you're saying that is property, wouldn't the person's hard disk be property too? As in 'not yours', as in 'you are a guest but they bought it and own it and live in it'?"

    That's the beauty of law and justice- it balances, in time. The inevitable result of pushing for extensive 'property' law regarding copyright etc. is to also cast light on the subject of what kind of property a person's datasphere is.

    I even wrote an essay on this in November 1998: it's at http://www.airwindows.com/fiction/essays/Hotel.html [airwindows.com]. When you operate a computer it is like you are moving your stuff around on virtual property: you put something somewhere. Does a company have a right to move it to somewhere else? To pile stuff next to it obscuring it? To paint it a different color, or dust it off? To remove, discard it, set it on fire, impound it as evidence?

    The fact that all of this seems totally permissible only shows that law hasn't begun thinking about these issues yet.

    You can't have it both ways- if I am forbidden even to portscan a company, then the company is forbidden to go over _my_ computer either. It's analogous. If we're tightening the protections for company-owned 'cyberspace' we're also laying a precedent for tighter protections on privately owned cyberspace.

    In the future it may be ILLEGAL for Microsoft to shut off the mp3 encoding in its software and force people to migrate to WMA- or more plausibly, it may be ILLEGAL for them to take a WMA file that was once functional and render it nonfunctional arbitrarily if you don't cough up a license fee. It may also be illegal for them to place restrictions on OEM desktops- on the basis that they make the building materials, the OEM builds the house, the customer buys it and moves in. There is no compelling argument that they must be able to prohibit the OEM from decorating the 'house' as they see fit.

    Very interesting stuff in this article, and grounds for hope :)

  • Ok, let's pretend I'm really filthy rich and looking for a bank to put my money.

    If I ask to see their security, chances are the bank will be more than willing to do so. If I suggest testing their security for weak points, they may also be willing to work with me if I'm worth a really filthy amount.

    If however I do so by attempting to break in to all the banks in town to see which ones have weak security, without asking first.

    Would it come as any surprise to end up in jail?

    I understand your point, but you need to ask permission. If permission isn't granted, then maybe you should move on to the next provider, until you actually find one who will let you.

  • by sheldon ( 2322 ) on Sunday June 10, 2001 @03:58PM (#161845)
    Guns don't kill people.

    It's the damn bullets!
  • Did it ever occur to you that maybe the people who post stories don't check k5 every time they post a story? They post stories off the submission queue...if you want to complain, complain to the person who submitted it.
  • I have been known to portscan port 80 on a slow day to see if there are any local webpages on the network. Same with news servers and other interesting ports of communication. Looks like a walk through the neighborhood to visit interesting characters will soon be outlawed.

    Shame people don't believe in locks to spoil it for those of us who like to visit those who wish to open up communication ports to be friendly.
  • Guns can also be used for hunting purposes for us that prefer eating tasty animals that haven't been pumped up with steroids and antibiotics, raised on cruel slaughterfarm camps. What a life for a cow. I prefer wild deer.

    Portscanning can also be used for searching sites that haven't been shamelessly advertised through marketing. Such rare gems are often found to be representative of local communities. I prefer folks who take the initiative to put up something personal, but haven't spammed their links everywhere. You'd be surprised at what you can find through portscanning httpd, finger, ntalk, etc...
  • by dattaway ( 3088 ) on Sunday June 10, 2001 @02:25PM (#161849) Homepage Journal
    The policy for specifying what is allowed and not allowed is simply closing the damn port in the first place.
  • I think yours is a bad analogy. Port scanning is much less intrusive than what you describe.

    I like the door knocking analogy... on the scale of 1024 doors :)

    Steve
  • In a single FTP session, you can end up using any free port on the machine to do the file transfer.

    But that conversation is part of the FTP session, and is (or can be) logged as such. You wouldn't connect to a random port without requesting a file transfer from an FTP server, assuming I even have an FTP server running on my computer, which I don't.

    The list the guy mentions isn't meant to be an exhaustive list of services which are considered "public". Replace the list with the phrase "commonly provided services". And interpret the names of the services, instead of the ports for the names. If you want to run your telnet port on 23000 instead of 23 to avoid a firewall somewhere, more power to you. And no company would provide a service without also providing a direct way to the service, unless they intend for that service to remain undetected, in which case it's probably not a service that should be running anyway (like the telnet port at 23000 to avoid the firewall).


    This space for rent. Call 1-800-STEAK4U

  • A port scan can be defined as any exploration, brute-force or directed, of the available services on a computer not belonging to you with the intent of utilizing those services in a manner not intended by the provider of those services.

    • If you run nmap over my computer from port 1 to port 2047 to see what's there, you're port scanning
    • If you scan your subnet for open port 25's, you're port scanning
    • If you're trying to connect to my FTP server when I have never advertised an FTP server for public availability, you're port scanning.
    • If you're wget'ing my entire web server, you're not port scanning, because I've provided the web service. If I didn't want you robot'ing my site, I would have set up robots.txt.

    Does that make sense?


    This space for rent. Call 1-800-STEAK4U

  • IANAL.

    the "expectation of privacy" doesn't mean shit. There is nothing that actually PROTECTS our privacy. We just assume that laws should... Tough shit for us I suppose.
  • yep, you cannot do that. If you don't trust them, go somewhere else. You don't own the machines, you cannot scan them.
  • but no one is looking for the "main" entrance are they? They are looking to see if the "Staff Only" doors are unlocked when no one is around..
  • This made me laugh. Portscanning and murder are the same thing?
  • So is my computer.

    Yep. But your ports aren't property. They aren't even corporeal.

    Interesting. Please point me to the legal agreement I signed which states that - you ought to have no difficulty if your assertion is true.

    It has nothing to do with a legal agreement. The Internet is a public internetwork by definition. It's like standing on a public highway.

    My system is my system, for use by me and those whom I authorise to use it, and NO-ONE ELSE.

    I suggest you disconnect your machine from the Internet. Or buy a good firewall, if you want to be more reasonable about things.

    If you portscan my system, I wanna know WHY, and you better have a bloody good reason for it.

    Red herring. We're talking about a law that forbids port scanning of *any system*, NOT YOUR SYSTEM. And, believe it or not, there are legitimate reasons to check the security of ports on other hosts. Like checking up on your ISPs security claims. Or checking your OWN systems. And if you don't think that would be illegal too, you don't know the government very well. ;-)


  • I don't know about google but there are commercial companies out there that do portscanning as part of their business model.

    Here is one:

    May 15 03:32:39 209.211.205.56:37301 -> xxx.xx.65.88:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37278 -> xxx.xx.65.65:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37285 -> xxx.xx.65.72:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37286 -> xxx.xx.65.73:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37287 -> xxx.xx.65.74:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37291 -> xxx.xx.65.78:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37293 -> xxx.xx.65.80:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37294 -> xxx.xx.65.81:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37298 -> xxx.xx.65.85:80 SYN ******S*
    May 15 03:32:39 209.211.205.56:37302 -> xxx.xx.65.89:80 SYN ******S*

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb15CB32EF3AF9C0E5D7272 C3AF4F2snlbxq'|dc
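
The log excerpt in the comment above shows a single source sending SYNs to port 80 on many hosts within one second. As an added example (not part of the original thread), this Python code parses lines in that layout and flags one-port-many-hosts sweeps and one-host-many-ports scans; the sample log, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation address ranges), same layout as the quoted log.
SAMPLE_LOG = """\
May 15 03:32:39 198.51.100.7:37278 -> 192.0.2.65:80 SYN ******S*
May 15 03:32:39 198.51.100.7:37285 -> 192.0.2.72:80 SYN ******S*
May 15 03:32:39 198.51.100.7:37286 -> 192.0.2.73:80 SYN ******S*
May 15 03:32:39 198.51.100.7:37287 -> 192.0.2.74:80 SYN ******S*
May 15 03:32:39 198.51.100.7:37291 -> 192.0.2.78:80 SYN ******S*
May 15 03:32:39 198.51.100.7:37293 -> 192.0.2.80:80 SYN ******S*
May 15 03:40:01 203.0.113.9:40100 -> 192.0.2.10:21 SYN ******S*
May 15 03:40:01 203.0.113.9:40101 -> 192.0.2.10:22 SYN ******S*
May 15 03:40:02 203.0.113.9:40102 -> 192.0.2.10:23 SYN ******S*
May 15 03:40:02 203.0.113.9:40103 -> 192.0.2.10:25 SYN ******S*
May 15 03:40:03 203.0.113.9:40104 -> 192.0.2.10:80 SYN ******S*
May 15 03:40:03 203.0.113.9:40105 -> 192.0.2.10:110 SYN ******S*
May 15 03:45:10 198.51.100.20:51000 -> 192.0.2.80:80 SYN ******S*
May 15 03:45:11 198.51.100.20:51001 -> 192.0.2.80:80 SYN ******S*
May 15 03:45:12 198.51.100.20:51002 -> 192.0.2.80:80 SYN ******S*
May 15 04:00:00 198.51.100.99:60000 -> 192.0.2.65:25 SYN ******S*
May 15 04:02:00 198.51.100.99:60001 -> 192.0.2.72:25 SYN ******S*
May 15 04:04:00 198.51.100.99:60002 -> 192.0.2.73:25 SYN ******S*
May 15 04:06:00 198.51.100.99:60003 -> 192.0.2.74:25 SYN ******S*
May 15 04:08:00 198.51.100.99:60004 -> 192.0.2.78:25 SYN ******S*
this line is not in the expected format
"""

# Host fields accept letters so redacted addresses such as "xxx.xx.65.88" still parse.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) -> (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"(?P<kind>\S+) (?P<flags>\S+)$"
)


def parse_line(line, year=2001):
    """Return one event as a dict, or None if the line is not in the layout.
    The log carries no year, so `year` is an assumption supplied by the caller."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "kind": m["kind"]}


def max_distinct_in_window(items, window):
    """Largest number of distinct values seen in any time span of length `window`.
    `items` is a list of (timestamp, value) pairs."""
    items = sorted(items)
    counts = defaultdict(int)
    best = left = 0
    for ts, value in items:
        counts[value] += 1
        # Drop events that have fallen out of the window ending at `ts`.
        while ts - items[left][0] > window:
            old = items[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def find_scans(log_text, window_s=60, threshold=5):
    """Flag sources that touch >= threshold hosts on one port (horizontal)
    or >= threshold ports on one host (vertical) within window_s seconds."""
    window = timedelta(seconds=window_s)
    by_port = defaultdict(list)  # (src, dport) -> [(ts, dst)]
    by_host = defaultdict(list)  # (src, dst)   -> [(ts, dport)]
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["kind"] != "SYN":
            continue
        by_port[(ev["src"], ev["dport"])].append((ev["ts"], ev["dst"]))
        by_host[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))
    findings = []
    for (src, dport), items in by_port.items():
        n = max_distinct_in_window(items, window)
        if n >= threshold:
            findings.append(("horizontal", src, f"port {dport}", n))
    for (src, dst), items in by_host.items():
        n = max_distinct_in_window(items, window)
        if n >= threshold:
            findings.append(("vertical", src, dst, n))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_scans(SAMPLE_LOG):
        print(finding)
```

The last source in the sample spreads five probes over eight minutes, so the default 60-second window misses it while `window_s=600` catches it; repeated connections to a single web server are never flagged.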

  • by AftanGustur ( 7715 ) on Sunday June 10, 2001 @01:16PM (#161881) Homepage

    Does this mean that Google and company can now be found guilty when searching for open port 80 on networks?

    How about search engines that look for open 21 (ftp) port? How about gopher? CIFS (Common Internet filesystem)? Hmmmm Interesting ..
    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb15CB32EF3AF9C0E5D7272 C3AF4F2snlbxq'|dc

  • by josepha48 ( 13953 ) on Sunday June 10, 2001 @07:45PM (#161883) Journal
    Usually case law outweighs some lawyer's interpretation of the law. Since there is already a case that discusses that port scanning is NOT against the law, then it would be a matter of him overturning this decision and proving it wrong. It also depends on which court these decisions were made (I am referring to US courts). Supreme Court decisions can be overturned, but they need another case to ..

    I don't want a lot, I just want it all!
    Flame away, I have a hose!

  • The difference is that they force you to use the alpha versions, whether you want to or not.

    Caution: Now approaching the (technological) singularity.
    • I scan my own boxes to check for anything suspicious.
    • I scan my friends' (who have requested it) boxes to do same.
    • I scan boxes that have scanned me.
    • I scan boxes that I am having problems with in order to diagnose the problem.
    • One time I TCP SYN scanned my entire class B, but that was before I grew scruples.

    Analogies:
    • Rattling all of your windows and doors to check for problems.
    • The same for friends who have asked.
    • Following a snoop home and rattling his doors and windows.
    • Going to meet someone (possibly a stranger) at their home and rattling all the doors and windows when they don't answer the door
    • Selling Avon at every door and window of every house in the neighborhood.

    The third bullet is definitely questionable as far as this lawyer's analysis goes, but nmap is most certainly not illegal, witness bullet points one, two, and four. Five is just stupid.
  • But, just opening Network Neighborhood/My Network Places scans CIFS, doesn't it? Does this mean that Microsoft is breaking the law by including this criminal toolkit in Windows? ;)

    --
  • by dillon_rinker ( 17944 ) on Sunday June 10, 2001 @06:48PM (#161888) Homepage
    I've read several responses to your post, all agreeing that the article is written at a pretty high level. I'd suggest that it's not "lawyer's English" - it's "bad English." In most cases, you can understand the author's intent, but it's badly in need of some editing.

    - 1st paragraph, 2nd sentence:
    Particularly, laws made to protect computers on the Internet and computer security are applied unpredictably.
    Laws made to protect computer security? How do you protect security? Or does he mean computer security is applied unpredictably? What?

    - 2nd para., 2nd sent.
    This article assumes that legal decisions about the Internet will continue to be based in partially on property rights.
    Either the word 'in' or the phrase 'partially on' needs to be deleted.

    - 2nd para, 3rd sent.
    Without property rights, computer owners may not be willing to connect to the Internet if their computers can be abused without legal remedy.
    With property rights, computer owners will not be willing to connect to the Internet if their computers can be abused without legal remedy. So what's his point?

    /me gives up in disgust and then notices byline, at the very beginning:
    Ethan Preston expects to receive his J.D. from the Georgetown University Law Center in 2001.
    Right... and I expect to be made emperor in 2001. I'll never hire a Georgetown alumnus if Ethan makes the grade.
  • I'll begin with this...

    The people that insist that port scanning should be legal miss the fact that it should be legal ONLY for the sysadmins of that particular network, not for every idiot that thinks he/she should have the 'freedom' to scan a network that doesn't belong to him/her.

    A stated law that makes it clear that port scanning is illegal for those outside of that network's system administrators gives people the tool to go after those who scan networks for holes that they can exploit. For instance, on my dialup connection I regularly get scanned for SubSeven and NetBus. These people are looking specifically for those ports, and the only reason they are scanning those ports is to find a machine that has been compromised that they can get into. Those that advocate being able to run port scans on networks that they don't admin could also use the same argument that it's ok to attempt a robbery as long as the attempt isn't successful.

    But, I do expect the whole concept here to fall on deaf ears (or blind eyes as it were), since it seems that Slashdot has become a haven for the script kiddie crowd.
  • by Mike Schiraldi ( 18296 ) on Sunday June 10, 2001 @02:42PM (#161891) Homepage Journal
    It might seem that way to someone studying law at a school so prestigious and selective, where the current and former members of the student body are surely the most brilliant and ambitious of all academia, but if i may speak for the Slashdot crowd, it's a little boggling for us. Sure, i can't point to any one part and say, "Yeah, right here is where it's confusing." Any little part makes sense. But trying to swallow and digest it is rather difficult for someone not used to reading such documents.

    It's kinda like showing a proof of Godel's Incompleteness Theory to someone not versed in math. Each step of the process is simple and straightforward, but as a whole it's tough for an untrained mind to grasp and follow along.

    --

  • by Mike Schiraldi ( 18296 ) on Sunday June 10, 2001 @12:40PM (#161892) Homepage Journal
    Anyone know when Babelfish's "Lawyer to English" translation will be available?

    --

  • an operating system that performs connections automatically

    A netboot machine? Windows with the "network neighborhood"? Most connections require a userspace program to request a connection. Contrary to Micros~1 propaganda, a web browser isn't really a standard operating system component.

    Or were you referring to nmap not using the OS routines to attempt the connect? If so, then you're just wrong since it does use the OS routines.

    Secondly, blah blah blah

    It's usually considered bad form to change definitions in the middle of a debate.

    So you're telling me you've never done an HTTP GET just to determine if the webserver is running? Oh no, port scan! Anyway, next time I portscan you i'll just be sure to send a GET request and you'll consider it not-a-port-scan.

    This is similar in attitude to the "admins that don't patch their systems deserve to get cr/hacked", and almost as ridiculous

    Go Straw Man! I'll just ignore this comment.

    or implicitly (eg. setting up a website)

    "I was just checking to see if that's what you had done!". Or is that a portscan, because i didn't magically know the instant you did so?

    The sad fact is that many people don't seem to really understand the Internet. That's why we have parents expecting that the internet should fit their morality even though anyone can publish, governments thinking they can legislate it, and people like you thinking "no! don't even look at me!" is a basic right.

    -----

  • If you go up and down the street knocking on people's doors in order to find out who is not at home, then you are "casing". And that is a crime.
  • Absolutely not! Girl Scouts knocking on doors are specifically looking for people at home. Ditto for Jehovah's Witnesses, Mormons and trick-or-treaters. Casing is when you knock on doors (or perform other activities) to find out who is NOT at home. Big difference. Huge difference.

    Go around your neighborhood. Knock on all the doors. When someone answers, politely say "Oh! I'm sorry, I didn't expect you to be home. I'll come back later." Within minutes someone's going to call the cops on you.
  • Actually, I often find sites by typing in an address directly.

    If I want to read the news, should I click on a link from Netscape's Netcenter (The only page I could assume exists, because they give it to me by default) and try to find a link to a website that might be affiliated with CNN?

    Or should I just guess at the URL and try www.cnn.com?

    When I was looking up a motherboard for a friend I tried www.gigabyte.com. What if that hadn't been for the company I was looking for? Would I be a lawbreaker?

    Get over it.

    If someone tries to connect to standard services, that's legit. These services don't announce themselves. It's like trying to find a hotdog vendor at a sporting event, but one where they didn't dress differently than anyone else, didn't advertise, or even carry hotdogs.

    But, I assume, in your world, that it'd be illegal to go around asking if people sold hot-dogs, or if they could point you to someone who did.

  • by WNight ( 23683 ) on Monday June 11, 2001 @10:37AM (#161905) Homepage
    Port scanning IS passive.

    In the bank analogy, how do you know if they have a door or a window? Photons from the sun bounce off of it and hit your eye in a recognizable pattern.

    How would you do this on a cloudy night? A flashlight perhaps?

    There's no way (aside from sending out continual broadcast messages from everyone) for a server to broadcast that it is serving something. You simply have to ask. Portscanning is how you do that. You ask if they are serving files. How about web pages? How about ...

    Now, you could make up some convoluted scenario where the bank had photo-cells in the windows to detect if it was night, and your flashlight, unlawfully shined into their windows, blah blah blah...

    This would be like if you were scanning for someone sharing files, you check FTP, HTTP, Windows networking, etc... Now maybe someone has a misconfigured program that instead of saying 'No', crashes when asked.

    But that's not your fault, you were just asking a question.

    If you exploited this, by asking over and over, it'd be akin to harassment. An otherwise legal action would be forbidden by context.

    Similarly, portscanning should be legal. It's the way the network works. But malicious use of portscanning, or portscanning connected to a crime, wouldn't be legal.
  • "If nmap is illegal, then only criminals will have nmap"
  • Perhaps a friendly call to them to get permission first?

  • No, I haven't, but you probably haven't either. Don't know until you try and all that. Personally, if someone called me (preferably someone who had already requested info on hosting services from me) and made such a request, I'd probably allow it.

  • Well, actually, I'm not sure that's the case. The author lists two references for that one particular sentence:

    TIMOTHY PARKER, TEACH YOURSELF TCP/IP IN 14 DAYS Page 1-50 (2nd ed. 1996); Jason Yanowitz, Under the hood of the Internet: An overview of the TCP/IP Protocol Suite at http://info.acm.org/crossroads/xrds1-1/tcpjpy.html (modified Jan. 20, 2000).

    Though I would rather he read the Stevens book as opposed to some "teach yourself something in 14 days" the fact remains that he is right. Though separating the process of communications into layers is an academic exercise and not a technical one. The TCP/IP model and the DOD model both have 4 layers. The OSI model has 7 layers, much like that burrito from taco bell.

    Check out this link [dalantech.com] for differences between the three.
  • Killing people might actually have a useful purpose once in a while. But I still like the idea of keeping it illegal. The fact that the act can be committed from overseas doesn't mean that it shouldn't be a crime. Nor does criminalization mean that you shouldn't defend against port scanners. It is illegal to steal a car; every car sold still has locks and a keyed ignition. You can't count on the law to find and prosecute the one who attacks you; that's not a complaint about the law, just the fact that they are only human. So you defend yourself with firewalls, burglar alarms, and pepper spray, cooperate with the law when you are attacked, and let the law simply reduce the number of jerks willing to attack you.
  • The point was connecting to a public network for *purely* private purposes is inherently retarded, as in: connecting top secret military computers to the internet, connecting your corporate intranet with all of your trade secrets to the internet, connecting your electric power grid controllers to the internet.

    Usernames and Passwords are used when a specific subset of the *public* need to connect to publicly accessible computers. Connecting to a public network and expecting *not* to get portscanned or *not* to get connected to is just stupid.

    -- iCEBaLM
  • Like connecting a private driveway to a public road and never expecting anyone to look at it or the occasional stranger using it to turn around.

    -- iCEBaLM
  • Crime, eh?

    Okay, suppose someone passes such a law. How the hell is the law going to be enforced?

    On the defensive side, you really have no idea whether the host you're being scanned from is really where the packets are coming from, so you could end up throwing your lawyers at host A whilst on host B the "real" scanner is laughing at your expense and looking for someone else to spoof.

    On the offensive side, you could outlaw tools like nmap, to prevent people from scanning in the first place. If the lesson from DeCSS means anything, making nmap illegal will not hinder anyone's access to it, except people who have a legitimate need to use such tools.

    You could license use of scanning tools, e.g. to "Certified Systems Administrators," but that won't slow down the black hats any (see above), and just make the life of a sysadmin more difficult.

    Laws against portscanning would be unenforceable; time better spent securing systems so they don't get cracked in the first place, and leveraging existing laws against the people who *do* break into systems.
  • by ttfkam ( 37064 ) on Sunday June 10, 2001 @07:28PM (#161917) Homepage Journal
    Port scanning is like looking at a house from across the street. The equivalent of "crawling around someone's house rattling doorknobs, windows, mailboxes, air ducts, rooftop hatches, basement doors, garage doors, electric panel doors, gas valves, water valves, sewer vent lines, outdoor outlets, chimney openings, stove vents" is sending known exploit code to the port in order to see if you can get unauthorized access. It's not even like looking in the windows. A port scan tells you nothing more about a computer than seeing that a window on the second floor has been left open.

    The first could be used in the sense of "casing the joint," but it could also be a case of looking at the architecture of the houses on the block without the owners' permission. It may make some people uncomfortable, but it's hardly illegal. A port scan is the closest thing to a look-but-don't-touch on the Net today.

    If port scanning is found to be illegal, would a bare ping to see if a site is up and running be made illegal in the future as well? Beware the slippery-slope. We need to make sure that there is a difference in law between committing a crime and having the potential to commit a crime.

    If a script kiddie starts trying known exploits against your box, THAT should be seen as a crime. They are totally trying the vents to see if it's loose so that they can gain access. This is a clear, distinct, and unambiguous step beyond a port scan.
  • Too often these days we see those who are empowered in our society, either by money, political or social position, seeking further extensions of that power. The law, it seems, wasn't enough.

    The RIAA and MPAA were tremendously well-protected under the Copyright Act, without more. But that was not enough. Dissatisfied with the existing provisions of the Act, carefully negotiated by careful balancing of public policies, they went for the raw power-grab, and obtained rights in gross through the MPAA, making it a crime and actionable to circumvent copyright protection technology, even when the technology circumvention does not give rise to an infringement.

    Likewise with trademarks, the AntiCybersquatting Act and trademark dilution.

    Likewise here, with the proposed "don't peek" provisions. Again, the Congress carefully drafted (well, it's a mess, but it's what they gave us) the Computer Fraud and Abuse Act and the Electronic Communications Protection Act, with all its powers and limitations, to prevent certain kinds, but not all kinds, of hackery. Congress expressly limited de minimis impositions costing less than $5,000 per year, such as pings, from the CFAA, precisely to protect overreaching machine-owners and, if you will, "to permit the spice to flow" as internet technologies develop.

    But the powers that be are always seeking yet another way. We no longer need the CFAA, with all of its policy-balancing limitations and exceptions. Instead, let's just make it illegal to ping, if I'm powerful enough to sue your patents off, and watch you squirm under the power of my legal sledgehammer.

    This is, simply put, the wrong thing to do. If we are going to empower people to protect legitimate interests, we must carefully carve out the abuse of that power to protect other interests; and make it cost the nasty plaintiffs when they lose.

    I do not condone computer crime, and portscanning is a blight upon mine eyes. But we shouldn't make it criminal or actionable when it doesn't rise to the level of meaningful denial of service, and we should wait until a computer crime is actually committed before we go after someone for a computer crime.

    Otherwise, we simply empower the powerful to prey upon the weak. That will always happen, of course as a force of nature -- but we needn't write it into the law.

    It is time to STOP changing the law to circumvent public policy, just to appease the few powerful enough to lobby the Congress. Yes, this sounds good, and the argument of the article, while not persuasive, cannot be ignored without reasoned comment. But it is bad for the net, and it is bad for America. We don't need to arrest woeful pingers, just because it would facilitate catching a few real bad guys who are otherwise slipping through the cracks.

    That's too much and not enough good law.
  • Verra dangerous, imho, because it's horridly broad. Building a massive microwave generator and pointing it at your neighbor's house would be legal.

    ----
  • "Port scanning has nothing to do with breaking in."

    You have got to be kidding me. Every hack starts with a portscan. When you say "looking" what you really mean is "casing the joint". You are walking around my house and trying to figure out how best to break in. What possible legitimate reason do YOU have for portscanning? If you want to know if I have FTP services for you ask me, better yet presume that it's not there because I did not tell you about it. If I wanted you to access my computer via FTP I would have let you know.
    Also it's one thing to wonder about whether or not I have an FTP server and it's another to scan every single port on my machine. What is your justification for that?

    I tell people to use portsentry. That way they can immediately blackhole anybody who does a portscan. Anybody who does a portscan is doing it because they want to hack your system. There is no other reason to do one.
  • All cracks start with a portscan. Maybe in the one to two percent of the cases a portscan is done for benign reasons but really even you have to admit that most of the people portscanning you want to see if they can break in. Use portsentry and black hole people who portscan you. You'll see how many of them complain that they can't finish their portscan.
  • Why are you seeing if a port is open? Better yet why do you want to know about the status of every single port on my machine? Do I know you? Did I say I was going to provide some service for you on my computer? Did I tell you about some service and forget to tell you the port?

    Be honest. People running portscans are doing it because they want to hack your machine.
  • If he wanted you to play his game he would have told you about the port.
  • "Without portscanning, how do you find out what services a host provides to the public?"

    Here is a novel idea.

    Presume that there are no public services unless you have been told about them by the people who own the server. They are not obligated to provide you with anything. If a service is not advertised or nobody told you about it why are you looking for it?
  • I guess it's intent then huh?

    BTW if you are in some neighborhood and are going around houses and taking pictures (you are logging your portscan right?) and such people will call the police. The police might take you downtown and have a talk with you. If you are able to convince them that you are simply studying architecture then they'll probably let you go. If they don't buy it they will tell you to move along and file a report.

    I just want the same right. If I see you portscan me I want to be able to call the police.
  • "Trying doors and windows: Using packaged exploits (parallels: It's easy; if it succeeds you are now able to walk around and do what you want; and any responsible person would have taken the simple measures to prevent its effectiveness)"

    Nevertheless this could get you arrested. If you actually walk in then it's breaking and entering. Trying the door is actually trespassing because at that moment you are in my property. It could be argued that the minute you leave the sidewalk you are trespassing in my property. The analog of that might be that the minute you probe a port without an advertised service you are a criminal.
  • Yup. As in don't come to my house unless you are invited. I am under no obligation to provide web services for you and unless I have told you that I am you should not check. Just presume I am not and go on your merry way. You have no right to check to see what I am providing to whom.
  • "a lot of people who do have a good reason to scan there "

    The only persons who have a good reason to scan are me and only persons that I give specific permission to. Everybody else is doing it because they are trying to see if they can hack into my system.
  • Unfortunately this is a slippery slope argument. What if I lock my door but the lock can be jimmied easily? What if somebody on the internet develops a skeleton key which now opens every lock with that brand? Now what? I locked my door like a responsible citizen but some script kiddie got a hold of a skeleton key and ransacked my house. Is it still my fault?

    The problem is that even though you may be a relatively responsible person there are bound to be security hacks that you don't know about. The burden should not be on me. It should be on the person doing the breaking and entering. You can't just say but you should have changed your lock, it was known for three days that this skeleton key was in circulation.
  • Anybody can DOS you anytime they want. There is nothing you can do about it.

    Portsentry listens on ports you tell it to and when it detects a scan it can immediately run an ipchains rule to blackhole your ip address.
  • 99 percent of all port scans being done are a prelude to an attack on your system. If somebody is portscanning your system you can be 99% sure they are looking to break into your system.

    "And what about the suggestion that portscans should be used to verify the security claims of ISPs before subscribing."

    Simple. Call up the ISP and ask for permission to do a portscan. If they don't let you, move on to another one.

  • Just because people are ripping off their employees that does not mean the portscanners should get a free ride. People do have the capability to worry about more than one security problem at a time. Some breaches are due to internal employees and some breaches are due to external hackers.

    Just as internal employees are punished severely if caught so should the portscanners and the hackers.

    Oh BTW are you seriously suggesting that crackers don't start with a nmap first thing? They just let loose with an attack on a random port without first checking to see if that port is available?
  • Because logs are for after the fact. Logs don't prevent you from being hacked. Sure you can take precautions and you should but tripwire will tell you after the fact that you have been hacked. There is always cause to be afraid.

    Hackers will attack your system via exploits that may not be known to you or even to the general public. There is always some delay between a hack being discovered and being published and fixed. So that "necessary" port may be sitting duck for a buffer exploit and you don't even know it yet. Also any hacker anywhere in the world can DOS you with off the shelf kits and there is nothing you can do about it.

    I will restate. Anybody who is doing a portscan of your system is most probably looking to crack it. Maybe one or two percent of portscans are accidents or legitimate but the vast majority of them are people who are looking to take over your machine and commit crimes. If you detect a portscan you can be 99% sure the person who just portscanned you was looking to see if they could break in. They have criminal intent.
  • Internet started with a small set of highly trusted people and hosts. All of the core internet protocols have this trust presumption built into them. It's not the same world now. Sorry.

    The days of leaving your server open to mail relay, rpc etc are long gone and will never come back thanks to the legion of script kiddies who have nothing to do but crack other machines and launch DDOS attacks against anybody they want to.

    So no you may NOT presume that I am giving you something. You may NOT presume that any service I have on my machine is for you. Do not try to connect to my machine unless you know there is a service there AND have been told so via advertising, links, email, phone or otherwise that you are welcome to it.
    It's my machine and you keep your hands off it.
    You have no reason to port scan me. NONE. If you are port scanning me it can only mean you mean to crack it.

  • Well sure it's in the INTENT. If I have a DHCP server then my INTENT is that this server serve my network. If OTOH a random person portscans my machine what possible INTENT might they have except to see if they can break in? The INTENT of 99% of portscanners is to break into your system if they can. What other possible INTENT could they have?

    BTW apparently you are not able to grasp the difference between the INTENT of a DHCP server or client (set up by me) to probe a specific port and the INTENT of a script kiddie to scan every port on every system on your network.

    Yes I agree though it's all in the INTENT.
  • Bullshit. Loitering is against the law. The job of the police is to enforce the law and safeguard the citizens. If a citizen is feeling threatened by a suspicious person hanging around their neighborhood circling peoples houses and taking pictures of them it's the duty of the police to investigate who this person is and what they are doing.

    You just want to commit crimes without the police getting in your face about it, so you whine about abuse of power. The real abuse of power is some script kiddie running a DDOS just because they can, or cracking into some system just because it's fun. Some people have no conscience and others are able to justify any destructive act they may have committed with pseudo political rants. We just put one of those guys in the grave today (McVeigh in case you never leave your computer) and I hope we put all the script kiddies in their place too. Behind bars.
  • Yes of course holding script kiddies responsible for their actions is exactly like shooting old ladies who have accidentally wandered into your property.
  • No I am not. Sorry the web is full of people who have nothing better to do than to hack into peoples computers just for fun. Not for altruism, not for profit just to have some fun and cause some damage.

  • What a bunch of crap.

    First of all a tool that is used 99% of the time in criminal activity and 1% of the time in non criminal activity will be either illegal or highly regulated. All kinds of chemicals and drugs fall under this classification. You can't go into a drug store and buy heroin but a doctor can prescribe it for you. They are not illegal to have but require licensing, registration etc. In the real world it's not all or nothing.

    There is no reason why something like that can not be set up to prevent hackers from portscanning your machine.

  • I hope and pray that the day will come where the TCP/IP protocol will be in such a condition that I will be instantly able to track down any portscanner. When packets can't be spoofed, when return addresses can't be forged, and when people will be held personally responsible for their acts of vandalism. When such a day comes I will be the first in line to press charges against anybody who portscans my system and make them pay for taking up my bandwidth and my processing power even if it's only ten cents. I will also fight to make these actions criminal, I will lobby my congresspeople and I will tell anybody who listens. Until people end up in jail for cracking systems cracking will go on. Until we fix the protocols which allow people to unleash destruction anonymously we will all be victims of smart aleck 13 year old script kiddies with nothing to do but jerk off to pr0n and destroy other people's property because they can't get laid and have to release their sexual frustration by being destructive.
  • Once again you seem to fail to understand the INTENT of a misconfigured router.

    If people portscanned you and then moved on it's because they saw nothing interesting. If you had a vulnerability they would have stopped and rooted you. Good job. Just hope that one day some snot nosed kid isn't going to find out about some vulnerability before you do.
  • Go back re-read the thread. Nobody said anything about walking by and looking at the house. The analogy in question is snooping around the house, taking pictures, rattling doors etc. This activity is criminal. I hope to hell my neighbors call the cops if they see anybody around my house acting like that and I hope to hell the police stop the guy and ask him what the hell he is up to. I hope to hell there will be similar mechanism for port scanners where they will be stopped and questioned about their intent.
  • I would outlaw port scanning without permission. That's all. If you want to portscan me just ask I might let you otherwise it's trespassing. Of course something like this would be hard to enforce given the state of TCP/IP as it is today but one day your ability to spoof will be gone and I will dance in the streets. But then again trespassing is hard to enforce too if you have a 300 acre ranch. Somehow it's still illegal though.
  • If you refuse to accept the analogy I guess that's that then there is no arguing with you. You claim that you should be able to portscan my machine at will for any purpose whatsoever as often as you like without consequences. Well I say screw that. It's my machine and keep your hands off of it. If I want you to use it I will let you know when and how you may use it. Otherwise keep off of my property.
    Is that so hard to understand? Why do you feel like you should be able to do whatever you want to my machine? What other property gives you this kind of a right?
  • I would agree to disagree except that you keep insisting that a port on my machine, set up by me, for my purposes, using bandwidth I paid for by me is somehow not my property.
  • It will one day because it's logical and consistent with our current concepts of property. Many people have ranches spanning many acres which are not fenced but it's still illegal for you to step on that land, bike through it, hunt on it etc. You may claim that it causes no harm to walk through their property or that because they have not fenced it you are free to walk about on it but it's still trespassing.
    Port scanning is trespassing pure and simple. It matters not what your intention is or whether I have IPchains rules to stop you. BTW even if I do have firewall rules you are still eating up my bandwidth and my CPU cycles and my hard drive space by port scanning me.

    In America property rights are very vigorously defended. Using other peoples property without permission is illegal in most cases and will one day be illegal in this case too. It's just a matter of time for technology to catch up so it can be enforced. Hopefully IPv6 will take us a huge step in that direction and I can't wait.
  • False on both accounts.

    Even intangible things like ideas, concepts, songs, plans, etc are considered property and have legal status of ownership. Furthermore the port exists only because a machine exists. That machine is mine, the port is on the machine and therefore the port is mine.

    Even if you don't do "damage" I can argue that your portscan cost me money. It cost me money because you used my bandwidth, it cost me money because you used my CPU cycles, it cost me money because you used my hard drive space and it cost me money because I had to analyze that log to try and see if you were up to no good. It cost me tangible money and tangible time. Even if each portscan cost me five or ten dollars it adds up over the lifespan of the machine. I suppose I could ignore my logs but that too would cost me even more money in the long run.
  • No matter what you think of intellectual property the fact remains that it's the law of the land. There are a whole host of "intangible" things like copyright etc that are coded into the law as property.

    I really don't think you can actually try and argue that a port does not exist. If it does not exist why are you scanning it? What are you scanning? Even in the one in a billion chance that a judge actually bought that argument you can not argue that the bandwidth you took up didn't exist, that my CPU didn't exist, my hard drive didn't exist or that my time didn't exist. In other words the damage you caused was real no matter how ethereal or "unreal" the port was.
  • But you should be able to do that. You're simply examining a public interface. It's like walking downtown on a Sunday past various shops and things, and pulling on the doors to see if they're open. If they're open, you can assume that you can walk in and do business there. Of course, you still can't go into rooms that say "Staff Only."

    Without portscanning, how do you find out what services a host provides to the public? A website is not the answer, because there's no obligation for a host to set up an HTTP server just because they want to offer IRC. See purple.com [purple.com] for an example of this.
    ------

  • Have you ever actually tried to do this?

    There's no reason why I should have to phone 30 WSPs prior to scanning a public interface.
    ------

  • Two things:

    1. It's only "Staff Only" if there's a sign that explicitly says "Staff Only".
    2. The "Staff Only" analogy refers to exploiting the services offered on the various public ports to gain additional access you shouldn't (like using the IIS/5.0 exploit to get a shell). It does not refer to simply accessing a port other than #80.

    ------
  • Maybe what's needed is a `System Policy Information Protocol' with a standard way of specifying what is and is not allowed on a specific host.
    ------
  • You would, and so would I, but try calling a Windows-centric tech support line. ("Let me talk to my supervisor... HOLD ... HOLD ... HOLD ... I'm sorry, we don't allow spamming from our networks. Oh. You want to do what, again? ... HOLD ...")
    ------
  • THANK YOU! I was hoping someone would say that.
    ------
  • by Dwonis ( 52652 ) on Sunday June 10, 2001 @01:21PM (#161967)
    Let's say you're shopping around for a web hosting provider. A lot of them will say "secure and reliable", but you know that doesn't really mean anything. So, you decide to run a few trivial security checks on their servers, including running a port scan.

    Should you be deprived of the right to examine the quality of a service before buying it, especially when it wouldn't fall under "theft of services"? I think not.
    ------

  • by Louis Savain ( 65843 ) on Sunday June 10, 2001 @01:02PM (#161977) Homepage
    How faithful can one be to the private property metaphor without getting into absurd comparisons? If port scanning is illegal, so should looking at someone's house, roof, lawn, doors, windows, etc...
  • by Speare ( 84249 ) on Sunday June 10, 2001 @01:01PM (#161988) Homepage Journal

    And if law were more like open source, it would be better?! Don't get me wrong... open source is fine for open source but not necessarily for law.

    Imagine a system of law in which each person could set up their own government, a system of rules to which nobody else had to conform or comply. Imagine the few most popular standards were only useable by the legislators and legal pundits for twenty or thirty years while the bugs were worked out. The general public wouldn't have the understanding to try any of the several governing distributions by themselves, so they'd have to rely on more experienced people to set up their systems. Over the years, hot contentions would organize blocs of specialists who fought for only one or two standards, even though the underlying system was still supposedly a free-to-be-an-individual system.

    Hm, the more I look at it, the US government resembles open source, too.

  • by pyth ( 87680 ) on Sunday June 10, 2001 @01:03PM (#161993)
    Shouldn't slashdot be making original material? This is copied straight out of kuro5hin [kuro5hin.org]. At least put a reference to K5 if you're gonna cutnpaste!
  • by (void*) ( 113680 ) on Monday June 11, 2001 @12:38AM (#162018)
    Boston Daily - Police have arrested a man, going by the name of Malcontent, for gunning down an old lady in his front yard. The victim was 84-year-old Junice Jones, who lived next door.

    Eliza Jones, her daughter was distraught when we attempted to contact her. `She's such a sweet old lady, Why would anyone want to hurt her?'

    When asked what she was doing on the neighbor's house, she only said she did not know. "She is very old, and her memory's not as good as before. She could have just wandered into the wrong house."

    Further queries as to why Malcontent could not recognise his own neighbor were asked. "I don't know - the fellow keeps to himself, his house and windows all locked all the time. He's very secretive. I remember a year ago, when little Annie from down the street ran to his house, after having fallen down a tree and getting cut. She asked him for a bandaid, and he growled something about not presuming to offer bandaids. He is a very sullen and nasty fellow."

    Who is this Malcontent, and why did he commit this atrocious act? Rumor has it that as police dragged him away, he was shouting something about trespassing upon a private driveway. But that is an unconfirmed rumor, and as yet, we have no idea of what exactly was going on through the mind of this unprovoked killing.

  • by CaseStudy ( 119864 ) on Sunday June 10, 2001 @01:11PM (#162026) Homepage
    I predict that this could set the record for the highest percentage of replies from people who didn't read the article.
  • Can someone point out to me where the article claims that nmap, or port scanning, is currently illegal? (Bonus points if you show evidence contrary to the claim. Hint: Moulton did not hold that port scanning was legal; it held that the claimant didn't show damages to the court's satisfaction, and specifically said that Moulton may be subject to criminal prosecution under the Georgia Computer Systems Protection Act.)
  • After reading through much of the article, I still fail to see how scanning a host's ports is any different from knocking on that host's various doors and windows, seeing if anybody's home, or giving that host's various telephone lines a ring. If you don't want people coming through a doorway, lock the door.

    If the right to portscan is overturned, how will a potential customer be able to discover whether or not the owner of a given host has given permission to connect via HTTP, FTP, SMTP, etc.?

  • by Frank T. Lofaro Jr. ( 142215 ) on Sunday June 10, 2001 @02:09PM (#162047) Homepage
    In real world terms, computer owners should be able to assert their property rights (in the form of imposing liability) only when users have circumvented technical measures that should have prevented the litigated use. (from the article)

    2 problems:

    (1) Lack of security is an excuse to break in. If someone leaves the root password unset on a machine, or leaves off the security on their web server, the above would say it is legal to access whatever you want on that system - whether it is meant to be private or even if one is explicitly told it is private.
    Imagine the prosecutor letting someone who robbed you go free because you "didn't take precautions" (e.g. left personal belongings for a second, etc).
    (2) It legitimizes making technical measures have the force of law. If I (as a private citizen) have the technical ability to stop you from entering a public park, should you get arrested for going there anyway? Heck no. In fact, I wouldn't be allowed to even use technical measures to stop you. That is why the DMCA is so bad. Copyright is limited by fair use - fair use activities are not trespass, they are more like entering a public easement on a property where such is allowed by law. If I as a property owner in the real world block access to an easement (try to build a wall on a road crossing my property), not only do people not get arrested for breaking down/circumventing/destroying the wall, I'll get arrested for building it.
    The DMCA turns that common sense notion upside down - the wall builder is ALWAYS right, the others are ALWAYS criminal.

    That article seems to feed that thinking.

    I am not a lawyer, but I understand common sense - which puts me above most of Congress.

  • by bonzoesc ( 155812 ) on Sunday June 10, 2001 @12:06PM (#162056) Homepage
    Pretty soon, sending and receiving packets through ports will be illegal, too. Hopefully, we can call them sockets and evade the law.

    Tell me what makes you so afraid
    Of all those people you say you hate

  • by peccary ( 161168 ) on Sunday June 10, 2001 @06:29PM (#162063)
    Since they're doing it from Korea, China, and Ghana, the fact that it might be illegal here doesn't help your security much.

    Or, to put it another way, since you're going to have to secure your systems anyway, why bother trying to make something illegal that actually might have a useful purpose once in a while?
  • by beable ( 170564 ) on Sunday June 10, 2001 @02:23PM (#162081) Homepage
    Let's say you're shopping around for a web hosting provider. A lot of them will say "secure and reliable", but you know that doesn't really mean anything. So, you decide to run a few trivial security checks on their servers, including running a port scan.
    Let's say I'm connecting my computer to the internet for private purposes. Why should I have to put up with repeated port scans? Those people aren't trying to connect to ports 111, 161, etc to do me a favour by testing my security. They're trying to break in! This would be obvious by examining what they had done, which would be to scan certain exploitable ports on a range of IP addresses. If you asked them, they would probably tell you why they did it: to find computers to break into. Let's not forget what happened to grc.com [grc.com].

    Portscanning should be considered a crime.
  • by Alien54 ( 180860 ) on Sunday June 10, 2001 @09:27PM (#162088) Journal
    It might seem that way to someone studying law at a school so prestigious and selective, where the current and former members of the student body are surely the most brilliant and ambitious of all academia, but if I may speak for the Slashdot crowd, it's a little boggling for us.

    A long time programming friend of mine mentioned that the most useful courses he took outside of the programming course were a business law course, just to cover the basics of things like this, and a business accounting course, just to get his mind wrapped around modelling what bean counters were doing in the first place.

    You would think with all of the legal issues running around, technical types could spend time just to get a toe wet, and get some familiarity with the concepts. It seems very much worth it.

    Check out the Vinny the Vampire [eplugz.com] comic strip

  • by SlushDot ( 182874 ) on Sunday June 10, 2001 @04:49PM (#162089)
    After reading through much of the article, I still fail to see how scanning a host's ports is any different from knocking on that host's various doors and windows, seeing if anybody's home, or giving that host's various telephone lines a ring.

    I see port scanning as crawling around someone's house rattling doorknobs, windows, mailboxes, air ducts, rooftop hatches, basement doors, garage doors, electric panel doors, gas valves, water valves, sewer vent lines, outdoor outlets, chimney openings, stove vents. Trying all 256 codes on RF X-10 modules, using a frequency counter/scanner to check for and listen in on radio transmissions, ringing phone lines, ringing doorbells, seeing if you can turn on sprinklers/water faucets, etc.

    Would you have no problem with someone doing all that? That's a port scan.

    "Ringing a doorbell" is a single probe on port 80. "Ring a telephone" is a single probe on port 23. Don't bullshit yourself.

  • I see port scanning as crawling around someone's house rattling doorknobs, windows, mailboxes, air ducts, rooftop hatches, etc., etc., etc.

    Then you need better glasses.

    Your list of metaphorical intrusions and indignities doesn't leave anything to analogize for actual attacks.

    You're not going to be able to map the full cycle of casing, analysis, attack, and penetration to the burglary story unless you pace yourself a little.

    • Driving around looking for nice houses: Ping & port scan
    • Trying doors and windows: Using packaged exploits (parallels: It's easy; if it succeeds you are now able to walk around and do what you want; and any responsible person would have taken the simple measures to prevent its effectiveness)
    • Picking locks or prying open transoms: Launching hand-tooled attacks
    • Stealing and vandalizing once inside: Stealing and vandalizing once inside

    Remember perspective, it's a wonderful thing.

  • by jsse ( 254124 ) on Sunday June 10, 2001 @05:07PM (#162152) Homepage Journal
    It's surely good news to me. Every day I get hundreds of netbios (137/138/139) port scans on my Linux server from Windows boxes within the same domain. I always wish somebody would bash them and jail them.

    Yes, those Windows users might not be aware, as the netbios port scanning is being done automatically. However, they must take responsibility for booting up their netbios port scanning OS, which annoys their honest Linux neighbours.

  • by mikethegeek ( 257172 ) <blair@@@NOwcmifm...comSPAM> on Sunday June 10, 2001 @01:06PM (#162153) Homepage
    "Say you are a sysadmin. You run a mission-critical webserver. In the status quo, you receive around 40 portscans a minute. Hackers have been successful 3 times on your site. If portscans are outlawed, then the overall security of your site receives additional protection.
    Practical benefits like this one should be MUCH more important than simply protecting 'liberty.'"

    Please don't take this as a flame, but this is the same kind of flawed thinking that leads to things like anti-gun laws.

    It is an extremely FALSE assumption that merely outlawing portscans will somehow reduce breaking into systems, DOS attacks, etc. Last time I checked, THOSE activities were already illegal.

    To have any HOPE of effectiveness, you'd have to outlaw portscanning utilities. And give that law enough teeth to allow the stormtroopers (police) the ability to "find out who has them".

    Portscanners have very PRACTICAL and good purposes you know, such as, me, as a sysadmin, can use one to make sure the ports I wanted closed ARE closed... To ban portscans and portscanning means more systems will be left open and vulnerable!

    Please think about the implications before so quickly giving up a liberty for the (false) promise of government guaranteed safety.

    Here is the best quote on this subject:

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

    -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
  • by gooberguy ( 453295 ) <gooberguy@gmail.com> on Sunday June 10, 2001 @12:51PM (#162190)
    Just wondering, what constitutes port scanning? How many TCP ports need to be probed in how much time to be defined as port scanning? Does a program have to be used? If I send 50 http GET requests to a computer within one second, is that port scanning? What about 50 TCP requests to a computer to 50 different ports in one second? I want to know!

    D/\ Gooberguy
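
The distinction drawn in the question above (50 requests to one port versus 50 probes to 50 different ports in a second) is the one scan-detection heuristics commonly key on: distinct destination ports per source within a time window. The following is an added example, not part of the original thread; the thresholds, function names and sample traffic are assumptions made for illustration, and no statute or standard fixes these values.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration only.
WINDOW_SECONDS = 1.0
DISTINCT_PORT_THRESHOLD = 20


def detect_scanners(events, window=WINDOW_SECONDS, threshold=DISTINCT_PORT_THRESHOLD):
    """Return {(src, dst): peak distinct ports in one window} for flagged pairs.

    events: iterable of (timestamp, src_ip, dst_ip, dst_port), in any order.
    """
    recent = defaultdict(deque)                          # (src, dst) -> (ts, port) in window
    port_counts = defaultdict(lambda: defaultdict(int))  # (src, dst) -> port -> hits in window
    flagged = {}
    for ts, src, dst, port in sorted(events):
        key = (src, dst)
        queue, counts = recent[key], port_counts[key]
        queue.append((ts, port))
        counts[port] += 1
        # Expire probes that have fallen out of the sliding window.
        while queue and ts - queue[0][0] > window:
            _, old_port = queue.popleft()
            counts[old_port] -= 1
            if counts[old_port] == 0:
                del counts[old_port]
        distinct = len(counts)
        if distinct >= threshold:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged


def sample_events():
    """Constructed sample traffic using RFC 5737 documentation addresses."""
    server = "192.0.2.10"
    events = []
    # 50 HTTP requests to port 80 within one second: many connections, one port.
    events += [(i * 0.02, "198.51.100.7", server, 80) for i in range(50)]
    # 50 connection attempts to 50 different ports within one second.
    events += [(i * 0.02, "203.0.113.9", server, 1 + i) for i in range(50)]
    # 50 different ports, one per minute: invisible to a one-second window.
    events += [(i * 60.0, "203.0.113.50", server, 1000 + i) for i in range(50)]
    return events


if __name__ == "__main__":
    print(detect_scanners(sample_events()))
```

Widening the window to an hour also flags the one-probe-per-minute source, which is why the answer to "how many ports in how much time" depends on the thresholds a given operator chooses.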
