...in Moulton vs. VC3 that port scanning was legal as long as no damage was done. The Patriot Act upped the ante a bit by classifying any investigation that ran more than $5000 as damages.
Just because the courts ruled it ok, doesn't mean your ISP will agree. Additionally, many of the port scanning tools out there may cause system crashes. Now, while the system itself may not be "damaged" there is, IMO, a real interference to network usage and potential lives at stake (case in point the case you reference -- what if someone was calling in right when the scan occurred and the system went down).
Quote:
in Moulton vs. VC3 that port scanning was legal as long as no damage was done. The Patriot Act upped the ante a bit by classifying any investigation that ran more than $5000 as damages.
I still wouldn't trust it and would still ask for a written document that states I'm allowed to do a network scan, just as CYA.
Quote:
Sourced: PowerPoint Presentation
Scott Moulton
Moulton v. VC3, 2001-1 Trade Cas. (CCH) P 73202, 2000 WL 33310901 (N.D. Ga. 2000),
Two competing companies had contracts for computer consulting services with government agencies – one for the county, and one for a city in that county.
When the city wanted to connect its 911 network with the county, Moulton, an employee of the company with the contract with the county, did a port scan and throughput test on the competitor’s network without the competitor or the city’s consent.
...got disconnected once as it is. He-heh, told tech support it was a trojan and got reconnected in a flash. I'm on so many ISPs it's ridiculous...
On the occasions I have used security auditors the permissions you grant and the rights they have are far more restricted than simply "ok, have a go, here's my written permission".
We contract in writing with all the sweet legalese that goes along with it the following, (these refer to both internal attacks and external so they may seem strange in the wrong context... It makes for a long document):-
1. Netblock that may be scanned.
2. Netblock that may be destructively vuln tested.
3. Netblock that may be potentially destructively pen tested.
4. Hosts that may be destructively vuln tested.
5. Hosts that may be potentially destructively pen tested.
6. Limit of potential destructive testing in _any_ case, (trashing the box completely is disallowed :rolleyes: )
7. Hosts that are "out of bounds" to any potentially destructive testing.
8. Hosts that will be used for the scans, vuln tests and pen tests including idle scans, spoofs etc.
9. That _all_ activity will be dumped by both parties for analysis to verify in the case of issues/problems.
10. Whatever they find they make it look like it's not the fault of the idiot secadmin responsible...
Ok, the last one is a joke..... :D
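Added example, not part of any post in this thread: one way to turn items 1-5, 7 and 8 of a written scope like the one above into a pre-flight check that every planned test action must pass. The addresses are constructed documentation ranges and the names `SCOPE` and `check` are hypothetical.

```python
import ipaddress

# Constructed sample scope (RFC 5737 documentation addresses), not from the thread.
SCOPE = {
    "scan": ["192.0.2.0/24"],                                # item 1
    "destructive_vuln": ["192.0.2.0/26", "192.0.2.200/32"],  # items 2 and 4
    "destructive_pen": ["192.0.2.0/28"],                     # items 3 and 5
    "out_of_bounds": ["192.0.2.10/32"],                      # item 7
    "test_sources": ["198.51.100.7/32"],                     # item 8
}
ACTIVITIES = ("scan", "destructive_vuln", "destructive_pen")
DESTRUCTIVE = ("destructive_vuln", "destructive_pen")


def _in_any(addr, blocks):
    """True if addr falls inside at least one of the listed netblocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(block) for block in blocks)


def check(activity, source, target, scope=SCOPE):
    """Return (allowed, reason) for one planned test action."""
    if activity not in ACTIVITIES:
        return False, "unknown activity"
    # Item 8: only the hosts named in the contract may originate tests.
    if not _in_any(source, scope["test_sources"]):
        return False, "source host not listed in contract"
    # Item 7: out-of-bounds hosts override any destructive range they sit in.
    if activity in DESTRUCTIVE and _in_any(target, scope["out_of_bounds"]):
        return False, "target is out of bounds for destructive testing"
    # Items 1-5: the target must be inside the range agreed for this activity.
    if not _in_any(target, scope[activity]):
        return False, f"target outside agreed {activity} range"
    return True, "in scope"


if __name__ == "__main__":
    plan = [
        ("scan", "198.51.100.7", "192.0.2.10"),
        ("destructive_pen", "198.51.100.7", "192.0.2.10"),
        ("destructive_vuln", "198.51.100.7", "192.0.2.200"),
        ("scan", "203.0.113.5", "192.0.2.1"),
    ]
    for action in plan:
        print(action, "->", check(*action))
```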
Quote:
Not sure what you mean by "...download the windows version and check boxes off and push buttons" as it's command prompt only on the Windows port (no GUI for Windows!).
Don't know if you figured it out yet, but they were talking about winmap. It's a GUI front to NMAP that has little check boxes that let you click on the options you wish to use. And yes, it is used for Windows.
...it's just a coffeehouse. If it were a corporate environment, certainly a contract would be in order, but all I'm doing is helping a buddy keep his bandwidth open. Lawdy, if this is what high-tech is coming to...
p.s.-- thanks XTC, didn't know we had a front end for nmap on Windows yet. I did a search for it and found nothing. I'm actually quite comfortable with command line.
...how would you audit a small public network like a coffeehouse LAN? The two computers I filtered at the router both had much slower ping times than the others visible to Angry IP (35ms and 80ms) so I figured something was up. And sure enough, once I filtered (disabled) those two MAC addresses, internet access returned to normal for everybody else. As you may surmise, we've had this problem before. My buddy's solution (the owner) has been to powercycle the router and the modem, which works for a short time, but is no real solution. We know the offending computers belong to a youth ministry upstairs as we've been through this before with them. In fact, I'll probably be through there tomorrow, coaching them once again on good computer hygiene (no porn sites, guys, and no music downloads). The fact is, the owner's very appreciative of my help (I get results) and I make every effort to explain to him what I'm doing. I haven't crashed or harmed anyone's computer as far as I know in the hundreds of scans I've run, even on my own systems. Doing harm is not my intent at all. Enabling WEP is no real solution either as the offenders would have the key (they're on the network by the owner's permission).
p.s.--don't worry MsMittens, if anyone's life's at stake, there's plenty of Ye Olde Analog Phones hardwired into the office upstairs. 911 works fine on older phones. ;)
So the final word is that I should keep my paws off the scan button for a while.
I must be smokin' crack then, since I have tried a couple. :D Don't like any of them except the one for x-windows, but for sanity's sake. Here's one for 3.5
Quote:
as it's command prompt only on the Windows port (no GUI for Windows!).
...makes me look like a genius 'round my friends.
Well, I guess all I can do to find the stealthed computers on the network is to run ethereal off a regular nic and look at the ARP table. Ethereal just does not like my wireless card. No big deal, got 'er licked for now. I did some experimenting w/ ZoneAlarm on my office network. It does a very good job of stealthing, as does XP's built-in firewall (believe it or not).