[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [dvd-discuss] e: portscanning
- To: "'dvd-discuss(at)cyber.law.harvard.edu'" <dvd-discuss(at)cyber.law.harvard.edu>
- Subject: RE: [dvd-discuss] e: portscanning
- From: Noah silva <nsilva(at)atari-source.com>
- Date: Mon, 22 Oct 2001 12:29:17 -0400 (EDT)
- In-Reply-To: <E06ADA0073926048AD304115DD8AB6BC9D679B@mail.onetouch.com>
- Reply-To: dvd-discuss(at)cyber.law.harvard.edu
- Sender: owner-dvd-discuss(at)cyber.law.harvard.edu
> > While I think that law is a bit unreasonable, as ICMP pings, etc. fly
> > around all the time, and I don't think port scanning should
> > be illegal...
>
> Port scanning would deviate from the well-known ports, so
> under the current law, even if permission for standard ports
> is implicit, scanning would probably still be illegal. (note: IANAL)
To me:
scanning is checking multiple ports.
Checking a port is knowing on a door to see if it's open.
Some ports are very standard, like FTP. Some are semi-standard (VNC,
etc.). Changing a ports isn't a good way to block access anyhow, so I
decline to draw a line between public and non-public ports. (technically
there is none).
Trying all my ports is like running down the hall knocking on every
door. It's annoying at most. Unless you do it 300 times in a row, it's
effects on me are very minor. So you know what doors I have open. If I
put the machine on the internet, I obviously don't mind random people
being able to tell that.
Anyone can scan right now the machine I sent this from and find:
a.) FTP
b.) HTTP
c.) Telnet
d.) SSH
e.) SMTP
maybe some others... so what? If I don't want you to be able to know
that.. I shouldn't put it on the internet.
If you try to log into telnet 300 times with different username/password
combinations... THAT is probably trying to "break in" and have
"unauthorized access".
-- noah silva