June 21st, 2004, 04:00 PM
Is NMAP illegal to use?
Is using NMAP to find out about someone illegal? Ok, here is the background story.
For the past two days, somebody from the same address has been scanning me CONSTANTLY. My firewall has stopped it and recorded it, but it is really getting annoying.
Well, my good friend in real life (known has hobbdebub on here) came over. He came over to get some code and stuff...anyways, I told him about it, and he was like, "Scan him back. Maybe it'll stop him." So, I download nmap and scan him ( he is wide open to the world and running windows, maybe a script kiddie with a new toy), but the first time actually gave me a blue screen (yes, a bluescreen in Windows XP, needless to say we both had a large laugh.) So I do it a 2nd time (without any other programs open and my firewall down) and it worked and it gave me the info. Well, that was all fine and dandy (he hasn't scanned me anymore, and that was 30 minutes ago), but I wasn't satisfied. So I went to samspade.org and did a whois on his addy. I got the admin's e-mail and sent an e-mail to ask if they could do something.
Anyways, my question is, is NMAP illegal to use, and did I do the right things so far? Cuz I have had suggestions to nuke him, but I don't want to stoop so low as a script kiddie. So, am I doing right by sending e-mails to the admins and letting them sort it out? Thanks.
Don\'t mistake lack of talent for genius.
June 21st, 2004, 04:18 PM
Pleas note: I live in england. Laws are different all over the world however there are usally similarities. Please bear in mind that person living outside of the UK may be subject to different laws.
Whilst not illegal its not a good idea. The reason being it makes you look like you are going to attack someone. Whilst it is not illegal alot of isp's will cancel your account if they pick things like this going on over the net. Some isp's also have it in their terms and conditions that you cant scan over the net, If so then they will most likely cancel your account and it would also be a breach of contract for which they could take legal action. On the other hand they more than likely wont do anything and if they do its likely just a warning via email. Please also remember that this only accounts to over the net. Scanning on an internal network is fine.
June 21st, 2004, 05:27 PM
Just so you know, some of the ports being scanned is, 2745, 6129, 139, 80, 445, 3127, 1025. Oh, by the way, his scanning has picked up again. He had stopped for a while, but it started again at 10:30 and lasted till 10:40. Then he stopped until 11:23 and did it once. But now he has stopped again. *shrug* I am wondering if maybe the person has a virus and doesn't know about it? Any opinions?
Don\'t mistake lack of talent for genius.
June 21st, 2004, 05:28 PM
casual scan USUALLY is not illegal. But constantly scan someone and steal BW with scan packets from him is.
NMAP (like a bunch of other tools) is just a tool. It inst illegal. However you can use it for illegal purposes.
Never counter attack someone:
a) because he can sue you even he has attacked you 1st;
b) because it may be just a victim, with a backdoor installed.
Self-defense (on IT security perspective) isnt a valid argument on so many courts around the world.
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt.
If I die before I wake, I pray the Lord my soul to brake.
June 21st, 2004, 05:52 PM
Illegal, no. However it could easily be used as a mean's of hacking another system. Call it a "advanced port-scanner". But no, it isn't illegal.
June 21st, 2004, 06:48 PM
Spyder is right. Laws in the U.S. address only the actual penetration or unauthorized access to a protected network. Not the steps that could lead up to it. I wouldn't worry.
That's Officer 11001001 to you...
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
June 21st, 2004, 07:22 PM
You are most likely being scanned by a worm. The reason it is sparratic is because the box is being shutdown by the "shutdown -i" script that is with the worm. It is looking for ports to spread itself onto, and judging by the ports it's picking, I think it looks like sasser. Scanning them back isn't going to do anything except show in court that you went looking for holes in the attacking computer.
Just block the suckers IP at the firewall and be done with it. Trying to fight back with a worm or a middle school loser with a port scanner is pointless.
The legality of it doesn't matter, if someone wanted to bust you for hacking, they would see your nmap scans in their logs and use them against you. You shouln't use nmap outside of the network you govern, as a rule of thumb.
June 21st, 2004, 08:13 PM
i agree with S_P, looks like a worm and although not against the law in the US to scan but it may just be against the acceptable use policy of your ISP. you cant be arrested but the ISP might just boot your account.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
June 21st, 2004, 09:17 PM
Everyone is giving good advice here. Using Nmap is legal, however, using Nmap for malicious purposes can get you into trouble if isomeone uses it to break into someone else's system. I use Nmap to merely gather information whenever I have an issue on my local network.
It sounds like you scanned him/her and after the fact realized your activity may be logged like you logged his/her activity, so to cover you tracks or defend what you did, you emailed the admin for his/her domain and attempted to indirectly justify what you did.
The person you scanned may very well report you to your isp as well just as you did him/her. Be careful what you use Nmap for, it can definitely get you in trouble if not used appropriately.
June 21st, 2004, 09:33 PM
In the US it's considered to be rude,and like others stated illeagal in most ISP policy.
On the other hand I know that my ISP dosn't care unless someone is seriously whining, because they don't want to lose that $50 a month. Suggestion don't scan outside your network.