-
Is NMAP illegal to use?
Is using NMAP to find out about someone illegal? Ok, here is the background story.
For the past two days, somebody from the same address has been scanning me CONSTANTLY. My firewall has stopped it and recorded it, but it is really getting annoying.
Well, my good friend in real life (known has hobbdebub on here) came over. He came over to get some code and stuff...anyways, I told him about it, and he was like, "Scan him back. Maybe it'll stop him." So, I download nmap and scan him ( he is wide open to the world and running windows, maybe a script kiddie with a new toy), but the first time actually gave me a blue screen (yes, a bluescreen in Windows XP, needless to say we both had a large laugh.) So I do it a 2nd time (without any other programs open and my firewall down) and it worked and it gave me the info. Well, that was all fine and dandy (he hasn't scanned me anymore, and that was 30 minutes ago), but I wasn't satisfied. So I went to samspade.org and did a whois on his addy. I got the admin's e-mail and sent an e-mail to ask if they could do something.
Anyways, my question is, is NMAP illegal to use, and did I do the right things so far? Cuz I have had suggestions to nuke him, but I don't want to stoop so low as a script kiddie. So, am I doing right by sending e-mails to the admins and letting them sort it out? Thanks.
-
Pleas note: I live in england. Laws are different all over the world however there are usally similarities. Please bear in mind that person living outside of the UK may be subject to different laws.
Whilst not illegal its not a good idea. The reason being it makes you look like you are going to attack someone. Whilst it is not illegal alot of isp's will cancel your account if they pick things like this going on over the net. Some isp's also have it in their terms and conditions that you cant scan over the net, If so then they will most likely cancel your account and it would also be a breach of contract for which they could take legal action. On the other hand they more than likely wont do anything and if they do its likely just a warning via email. Please also remember that this only accounts to over the net. Scanning on an internal network is fine.
-
Just so you know, some of the ports being scanned is, 2745, 6129, 139, 80, 445, 3127, 1025. Oh, by the way, his scanning has picked up again. He had stopped for a while, but it started again at 10:30 and lasted till 10:40. Then he stopped until 11:23 and did it once. But now he has stopped again. *shrug* I am wondering if maybe the person has a virus and doesn't know about it? Any opinions?
-
casual scan USUALLY is not illegal. But constantly scan someone and steal BW with scan packets from him is.
NMAP (like a bunch of other tools) is just a tool. It inst illegal. However you can use it for illegal purposes.
Never counter attack someone:
a) because he can sue you even he has attacked you 1st;
b) because it may be just a victim, with a backdoor installed.
Self-defense (on IT security perspective) isnt a valid argument on so many courts around the world.
-
Illegal, no. However it could easily be used as a mean's of hacking another system. Call it a "advanced port-scanner". But no, it isn't illegal.
-
Spyder is right. Laws in the U.S. address only the actual penetration or unauthorized access to a protected network. Not the steps that could lead up to it. I wouldn't worry.
-
You are most likely being scanned by a worm. The reason it is sparratic is because the box is being shutdown by the "shutdown -i" script that is with the worm. It is looking for ports to spread itself onto, and judging by the ports it's picking, I think it looks like sasser. Scanning them back isn't going to do anything except show in court that you went looking for holes in the attacking computer.
Just block the suckers IP at the firewall and be done with it. Trying to fight back with a worm or a middle school loser with a port scanner is pointless.
The legality of it doesn't matter, if someone wanted to bust you for hacking, they would see your nmap scans in their logs and use them against you. You shouln't use nmap outside of the network you govern, as a rule of thumb.
-
i agree with S_P, looks like a worm and although not against the law in the US to scan but it may just be against the acceptable use policy of your ISP. you cant be arrested but the ISP might just boot your account.
-
Everyone is giving good advice here. Using Nmap is legal, however, using Nmap for malicious purposes can get you into trouble if isomeone uses it to break into someone else's system. I use Nmap to merely gather information whenever I have an issue on my local network.
It sounds like you scanned him/her and after the fact realized your activity may be logged like you logged his/her activity, so to cover you tracks or defend what you did, you emailed the admin for his/her domain and attempted to indirectly justify what you did.
The person you scanned may very well report you to your isp as well just as you did him/her. Be careful what you use Nmap for, it can definitely get you in trouble if not used appropriately.
-
In the US it's considered to be rude,and like others stated illeagal in most ISP policy.
On the other hand I know that my ISP dosn't care unless someone is seriously whining, because they don't want to lose that $50 a month. ;) Suggestion don't scan outside your network.
-
Me and a few of my friends very regularly battle it out via the internet using NMAP and all sorts of other stuff. We have never had any probs with our ISP's though.
I dont think they care unless they receive a lot of complaints on a regular basis about you!
-
My ISP only cares if someone complains enough... But anyone with half a mind scans on a different PC than their own if they plan on attacking... Proxies don't work either, because they show up as proxies, public computers get used the most for this type of thing.
-
that must be on effective worm to be able to go thorugh all thoes ports or a realy infected system. Both could be possable but it seems like a kiddy looking for machines to be exploited by his programs. Like it was said nmap isn't ilegal but a scan can be consitered an warning for a attack. Rule of thumb: "if it would make you suspisious don't do it to them".
-
not really... Sasser opens up quite a few ports on a computer I am quite sure... Even a skiddie wouldn't scan the same target over and over again... Unless they are really really stupid...
As a rule of thumb: "If a port scan makes you suspicious, you are too damn paranoid"
-
Quote:
Originally posted here by ack!_GRUB!
that must be on effective worm to be able to go thorugh all thoes ports or a realy infected system. Both could be possable but it seems like a kiddy looking for machines to be exploited by his programs.
Actually worms will only scan a small number of ports... what you wanna scan is an IP range pluse a small number of ports that usually associate with the services which it'll use. Usually it'll run a buffer overflow exploit or take advantage of trojans that have been dropped by previous worms. Im sure there are still some idiotic scumbags out there that are still infected with welchia, agobot, doomjuice, & (ect). I'd like to send these peaple to camps and have them exterminated in giant gas chambers disguised as showers.
But why always just assume the "OMG how dare this guy" approach of things? Esspecially when automated attacks have consistantly been on the rise for the past 6 to 5 years or so.
-
To funny and a retard usually is just that.
First consider what you and so called friends are engaged in you topic LOL are these per chance your very activites.
Ports:
139 - Usually associated with the Bagel virus you or a fried have it and are looking for other systems. Or have placed it on another system.
6129- They these so called friends are looking to see if some sort of remote Admin is there.
139- This is about file sharing that relates to port 445 Server message or netbios looking for stuff to open to 139.
3127- Again most likely Mydoom that relates to the above.
1025- RPC ( Remte Call Procedure Call).
You want to know whay you have this stuff look to your own actions check any process running play with this tool online with on-line friends do not complain here. Try a goolgle search on your port numbers. You did not mention any software your are running.
Smiles crap stinks and a few here do also and I wish them luck it is rare I respond to nonsense, just make my living in the real world while real kids want to break Windows like that takes any knowledge.
Peace
-
Using nmap is like using any other tool, it's not illegal until you use it to break the law.
--PuRe
-
Quote:
Originally posted here by Cpt. Commander
Just so you know, some of the ports being scanned is, 2745, 6129, 139, 80, 445, 3127, 1025. Oh, by the way, his scanning has picked up again. He had stopped for a while, but it started again at 10:30 and lasted till 10:40. Then he stopped until 11:23 and did it once. But now he has stopped again. *shrug* I am wondering if maybe the person has a virus and doesn't know about it? Any opinions?
Its just a zombie infected with phatbot , do a whois and send an abuse complaint to the isp and if you are lucky they will tell them to clean up their computer , i see this all the time.....
edit http://www.us-cert.gov/current/current_activity.html --2/3 of the way down the page
-
Yeah. I did that yesterday. Thanks Lumpy.
