lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 2 14:33:37 2006 From: drewmasters at gmail.com (Drew Masters) Subject: Fw: scanning It's worth looking into the Daniel Cuthbert case in the UK. Drew On 02/06/06, Lawrence Tang <tang.luong@...il.com> wrote: > > "Vulnerability test" is not "port scan". It could involve attempt to > "penetrate" or even penetration of the website through a vulnerable server > script for instance. In this particular case, we don't know what RA 8792 in > the Philippines says and/or what Tridel Technologies, Inc did. But in > general, "port scan" is supposed to be only checking which TCP/IP ports are > open for connection without going through the entire process of connection. > There is no question of penetration. How could any authority prosecute this > legitimately? If I, by mistake, attempt a connection to a site, could I be > in legal trouble? How many ports constitute "port scanning"? > > ----- Original Message ----- > From: "Nightfall Nightfall" < danzigfour@...il.com> > To: <full-disclosure@...ts.grok.org.uk> > Sent: Friday, June 02, 2006 1:26 AM > Subject: Re: [Full-disclosure] scanning > > > > On 6/2/06, Simon Smith <simon@...soft.com> wrote: > > > Guys, > > > It is not illegal to port-scan a target IP with or without > > > authorization. It would be impossible to prosecute someone because > they > > > portscanned you. Hell, it would be near impossible to prosecute > someone > > > who ran nessus against you but never penetrated your systems. From > > > expereince, the FBI only takes interest in crimes that cause roughly > > > $50,000.00 in damage or more. If you are below that mark or if they > are > > > too busy... you won't get jack unless you pay for it. > > > > > > > > > > > > David Alanis wrote: > > > >> Depends on the Jurisdiction... However If I found out that it was > my > > > >> site, I'd have to debate on whether or not to sue your ass... But > that's > > > >> just me... > > > >> > > > > > > > > You would not sue anyone. Thats just saying that you would sue > anyone > under the sun trying to ping or go after some bot trying to scan your > Apache > box for IIS 5 vulnerabilities. My point is, even if you did realize > someone > was actively scanning your host, there would be nothing you could do, I > think it would be too time consuming. Yet your question still stands. Is > it > legal or illegal? > > > > > > > > David > > > > > > > > > > > > > > > >> -----Original Message----- > > > >> From: full-disclosure-bounces@...ts.grok.org.uk > > > >> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of > > > >> Nightfall Nightfall > > > >> Sent: Thursday, June 01, 2006 7:54 PM > > > >> To: full-disclosure@...ts.grok.org.uk > > > >> Subject: [Full-disclosure] scanning > > > >> > > > >> > > > >> Is it illegal if I perform a vulnerability scan on a site without > > > >> permission from the owner? How about a simple port scan? thanks.. > > > >> > > > >> _______________________________________________ > > > > >> Full-Disclosure - We believe in it. > > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > >> > > > >> _______________________________________________ > > > >> Full-Disclosure - We believe in it. > > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > >> > > > > > > > > > > > > > > > > "Great Spirits Have Always Encountered Violent Opposition From > Mediocre Minds" - Einstein > > > > > > > > "Cuanta estupidez en tan poco cerebro!" > > > > > > > > _______________________________________________ > > > > Full-Disclosure - We believe in it. > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > > > > > > > > BullGuard Anti-virus has scanned this e-mail and found it clean. > > > Try BullGuard for free: www.bullguard.com > > > > > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > I brought up this topic coz of these incident > > - > http://www.pinoytechblog.com/archives/tridel-settles-with-inq7net-on-vuln > erability-test-suit > > . > > I was wondering if they were justified in suing the perpetrator who > > did the vulnerability scan on their network. > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060602/424e5036/attachment.html
Powered by blists - more mailing lists