Legality of port scanning

anonym00se

Does any one know the legality of port scanning a box that you dont own in Ireland?

Draco

Without the owners permission, it is illegal.

Draco

anonym00se

Where did you get your answer from, or are you simply saying what you think the answer is/should be?

Any one know where I can find info on law relating to computer security in ireland?

zenith

AFAIK, there's ****-all legislation covering this type of activity, but IMHO, port scanning would not be actionable unless it caused damage, while 'sploits and attempted 'sploits would be.

But I dunno. I was ha><ored in early '92 and my left arm has never been right since.

Coyote

I know taht this is not in ireland but, in Norway a court ruled that scaning was the same as ringing on someones door to see if someone was home, where in some other places like the states they count it as a attact on a server. at the moment is a bit mad, the charges being brought up against cracker for braking in to computers is way over the top, like 10 years in jail if they get there way in the US, when for something like jsut cracking a server (not doing damage) should be counted as the same a trepassing or brakeing and entering. you will get more time in jail in the US for doing 10 grand damage to a server that killing someone.

Coyote

Gavin

huumm,.. remember reading a bit on it a while ago. I think that is is legal to just purely scan for ports, just as it is to ping a machine. However some port scanners will do more than just check for open ports.. they see what sort of access they can get with those ports.. and that type are illegal, yes

Draco

Originally posted by anonym00se:
Where did you get your answer from, or are you simply saying what you think the answer is/should be?

Any one know where I can find info on law relating to computer security in ireland?

AFAIK it is covered by the mis-use of computers act (or whatever it is called). I found out about it when I was working in an interent cafe and one of the staff was going through a 3733+ ha><0r dood phase and scanned some government machines. They then phoned us up and told us if it happened again, he could be nicked under the mis-use of computers act. They also mentioned that you could portscan a machine if you were given persmission for testing the security.

As for finding out, I'm sure DeVore could point you in the right direction.

Draco

Hobbes

There was a court case (last year?) where someone was sued for port scanning a box.

Because the port scan didn't cause any denial of service it was perfectly legal to do and the guy got off.

It can't really be classed the same way as war dialing or checking someones locks as if your connected to the internet you are allowing yourself to be accessed by everyone.

If the person actually used the open ports to try and break in that would be a different story.

BrainDead

To find what services are running on a box in the hope of finding one with an exploit.

BossArky

Excuse my ignorance, but what does port scanning actually achieve?...I mean , like why do you do it?

sam

if i drop a rock on someones head, it is the rock that is causing the damage , i am merely a tactician who worked out a clever plot to achieve my goal (death of man by rock)
same way, by portscanning, i am just testing to see if your computer has any flaws within it, what happens as a result of these flaws is your concern, not mine, i am merely sending electronic data to your computer

or

the rock is an extension of the man, who has used it to kill the other man, so he is the killer, and must be dealt with accordingly,
and by portscanning you are trying to break into my computer by using flaws in it, you are therefore attacking my computer, similar to attacking my bike or something(bikes wont defend themselves usually), and must be dealt with accordingly


"the law" will choose the second response

TwoShedsJackson

Originally posted by sam:
similar to attacking my bike or something(bikes wont defend themselves usually

anonym00se

Originally posted by sam:
by portscanning you are trying to break into my computer by using flaws in it

Ummmm please explain what flaws (you /seem/ to think) portscanning is using!!!!!!

Draco

Originally posted by anonym00se:
Ummmm please explain what flaws (you /seem/ to think) portscanning is using!!!!!!

I think the point was that port scanning is finding flaws, not using them.

Draco

sam

portscanning is using a flaw in the way your computer works, in that your computer was not meant to give information whether a port is open or not to any other pc, other than the one it expects to recieve data on the open port from

it is a flaw in the internet protocol, everything has flaws

Lump

Portscanning depending on which one you use will

A) Tell you what ports are open. E.g A port is open for everything you are using that is connected to the net. Ie MIRC uses a port say 6602, Halflife uses a port say 1052. You can then use this info to nuke someone through that port so the fire wall wont pick it up.

Other portscanners will tell you what apps are being used on what ports, E.g Mirc= Port 6602, Halflife = Port 1052. But what they will also tell you is that there is a trojan (Back door) Running on the machine E.G Netbus or Back Orifice. And it will tell you the port it is using. This will enable you to have complete access to the persons computer and files etc.

john

Hobbes

Of course if you have a reasonably well firewall it will stop all but the most determined from taking down your machine.

And remember we are talking about the legality of port scanning. Not what you do with that information once you got it.

Gavin

I think that saying port scannng, ( just scanning now.. ) is illegal, would be like saying pinging is illegal..

Any complaints ?

Gav

Draco

Originally posted by anonym00se:
So by that rationale doing an nmap -sS would be ok as you arent opening a full connection. You are just waiting for either a syn|ack or rst.

Er...what does nmap -sS do excatly?

Draco

anonym00se

nmap -sS, from the man page

-sS TCP SYN scan: This technique is often referred to as "half-open" scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection and you wait for a response.

A SYN|ACK indicates the port is listening. A RST is indicative of a non-listener. If a SYN|ACK is received, a RST is immediately sent to tear down the connection (actually our OS kernel does this for us).

The primary advantage to this scanning technique is that fewer sites will log it. Unfortunately you need root privileges to build these custom SYN packets.

DeVore

Port scanning is tolerated by just about everyone now. As one ISP put it to me "Its background noise on the internet now, you just have to deal with it".

Given the commonality of it it would be hard to arrest someone for doing it without opening a can of worms about unfair application of the law.

That said, I dont see anything you could claim you were doing it for *apart* from looking for ports to exploit.

"yes your Honour, I was really rather curious to see if they we running telnet. Purely for educationaly reasons you understand."

The law will make up its own mind about this and would, if pushed, likely rule it illegal. Enforcement is another issue.

DeVore.

Gavin

The way i would see it would be that if you pinged a machine, then you are ascertaining as to whether or not this machine is viable for an attack.. Port scanning would merely be an extension of this ascertation.

follow ? ya can't hack it if it's not on the net.. ( i know you can disallow ping responses, but we'll ignore that )

Gav

Draco

I think that saying port scannng, ( just scanning now.. ) is illegal, would be like saying pinging is illegal..

Not quite.
To use an anaolgy, pinging would be like touching a car and port scanning would be like trying all the door handles. You can be picked up for doing the latter, but not the former.

Draco

anonym00se

Originally posted by Verb:
I think that saying port scannng, ( just scanning now.. ) is illegal, would be like saying pinging is illegal..

Any complaints ?

Gav

that is the way I would have taken it, but guaranteed it isnt the right answer, I would love to see the legality of it written in blood or ston or what ever so I could verify this.

Would it cone under any other computer mis use acts, come to think of it, where would you get info on the computer mis use act

anonym00se

Originally posted by Draco:
Not quite.
To use an anaolgy, pinging would be like touching a car and port scanning would be like trying all the door handles. You can be picked up for doing the latter, but not the former.

So by that rationale doing an nmap -sS would be ok as you arent opening a full connection. You are just waiting for either a syn|ack or rst.

anonym00se

Originally posted by Lump:
Portscanning depending on which one you use will

Other portscanners will tell you what apps are being used on what ports,

Ok this is getting slightly OT but...

all port scanners will tell you what ports it finds are open on a machine, that is thoe whole idea.

As for telling you what daemons are running, the only scanner I know of that can do this is a patched version of nmap, which will try and grab a banner when it connects to a port.
All other portscanners (including nmap unpatched) will just tell you what it expects to find running on what ever port it finds open (take a look at /etc/services on a unix
machine for a list of port numbers and what is usually run off them

sam

no, pinging isnt exactly harmless either,you can use pings to lag the **** out of someone(really annoying when theyre trying to do something, eg. play quake), and sometimes even disconnect them from their isp, all you need is a better connect than them, and a firewall doesnt do anything to help you, because the pings dont get dropped until they reach the firewall (obviously)

it all depends on the motive, and circumstances, whether its considered illegal or not eg. a person trying all the handles on a burning car to rescue someone isnt normally considered to be breaking the law, but the same person doing the same thing for no reason is considered to be breaking the law

Draco

The big difference between pinging and portscanning a machine you don't own is that you may have a legitmate reason to ping someone while there is never a legitimate reason for portscanning.

Draco

Gavin

hmm... a legitimate reason..
apart from the obvious one of testing security.. hehe

umm...
you have been told to use this machine as your email server and you don't know what port the email server is running on..
Kinda grabbing at straws here i know.. any1 else got a better reason for scanning a machine ?

Gav

anonym00se

Originally posted by sam:
no, pinging isnt exactly harmless either,you can use pings to lag the **** out of someone(really annoying when theyre trying to do something, eg. play quake), and sometimes even disconnect them from their isp, all you need is a better connect than them, and a firewall doesnt do anything to help you, because the pings dont get dropped until they reach the firewall (obviously)

You just add the relevant filtering to either the router or the firewall, so yes you will be able to get some sort of protection, and seeing as your machines are behind the firewall you are gonna see only a slight
performance hit [until your connection is established], compared to what you would
see if you werent filtering at all.

These are a good read:
*http://packetstorm.securify.com/papers/contest/RFP.doc

*http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2267.txt

sam

those two documents, old stuff, have nothing to do with this, if anything they back up my point about being able to use almost anything as the basis for an "attack"

i said a firewall would only drop packets at your end, so you would still get the lag, obviously im not talking about processor usage or whatever, im talking about the path from the isp to you being flooded

actually there are legitimate uses for portscanning, but as i said before, it all depends on what the circumstances are, and your motive for portscanning



[This message has been edited by sam (edited 22-06-2000).]

Draco

Originally posted by sam:
actually there are legitimate uses for portscanning, but as i said before, it all depends on what the circumstances are, and your motive for portscanning
B]

Not when you don't own the machine.
What possible legitimate reason would you have?

Draco

sam

suppose you didnt know what computer your isp ran an smtp server on, you could scan port 25 on some machines to see if they offered the service, eg. www.esatclear.ie

or maybe your isp's one was down, and you were looking for any random one, you might scan 'likely' targets, eg. mail.yahoo.com, to see if they offered the service

[This message has been edited by sam (edited 22-06-2000).]

spod

Originally posted by sam:
suppose you didnt know what computer your isp ran an smtp server on, you could scan port 25 on some machines to see if they offered the service, eg. www.esatclear.ie

or maybe your isp's one was down, and you were looking for any random one, you might scan 'likely' targets, eg. mail.yahoo.com, to see if they offered the service

[This message has been edited by sam (edited 22-06-2000).]

I really don't see why this needs a full port scan, surely telnet possiblehost:25 is all that's necessary
as opposed to checking to see the full list of open ports on the host...

Anyway, to add my two cents, port scanning probably is or should be illegal, but there's not much you can do about it in terms of enforcement etc.
http://freepaul.org/ is a pretty amusing read, it's a student in California State university student who is getting in a bit of hassle with his college for port scanning a bunch of machines from his dorm. Seemingly it's a criminal offence in california, to portscan a machine which you don't have permission to access.

I'm not sure if it's illegal here, but, it probably is in some form or other, however actually doing anything about it is another matter.

yawn

anonym00se

Originally posted by spod:
I really don't see why this needs a full port scan, surely telnet possiblehost:25 is all that's necessary
as opposed to checking to see the full list of open ports on the host...

Now that is grand if you are checking maybe one or 2 hosts, but any more and a port scan along the lines of:

nmap -sS -p 25 4.0.0.1/1 would do the trick and be a hell of alot quicker, granted though this example is going to take a hell of a long time

spod

I reckon fyodor must have a binary representation of his kitchen sink buried in that code somewhere....

sam

you people are missing the point, it should only be illegal if it can be proved the motive for portscanning was malicious, it should not be illegal if the motive was not malicious

portscanning means scanning a port, doesnt mean you have to scan all ports

anonym00se

Originally posted by sam:
portscanning means scanning a port, doesnt mean you have to scan all ports

No no I got the point you were getting at
hence my example which would scan 128 class A's for an open port 25 (and nothing more).

anonym00se

Originally posted by spod:
I reckon fyodor must have a binary representation of his kitchen sink buried in that code somewhere....

Can we take it from that, that you dont like or think that nmap is bloatware?