lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri Jun  2 14:33:37 2006
From: drewmasters at gmail.com (Drew Masters)
Subject: Fw: scanning

It's worth looking into the Daniel Cuthbert case in the UK.

Drew

On 02/06/06, Lawrence Tang <tang.luong@...il.com> wrote:
>
> "Vulnerability test" is not "port scan". It could involve attempt to
> "penetrate" or even penetration of the website through a vulnerable server
> script for instance. In this particular case, we don't know what RA 8792 in
> the Philippines says and/or what Tridel Technologies, Inc did. But in
> general, "port scan" is supposed to be only checking which TCP/IP ports are
> open for connection without going through the entire process of connection.
> There is no question of penetration. How could any authority prosecute this
> legitimately? If I, by mistake, attempt a connection to a site, could I be
> in legal trouble? How many ports constitute "port scanning"?
>
>  ----- Original Message -----
> From: "Nightfall Nightfall" < danzigfour@...il.com>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Friday, June 02, 2006 1:26 AM
> Subject: Re: [Full-disclosure] scanning
>
>
> > On 6/2/06, Simon Smith <simon@...soft.com> wrote:
> > > Guys,
> > >     It is not illegal to port-scan a target IP with or without
> > > authorization. It would be impossible to prosecute someone because
> they
> > > portscanned you. Hell, it would be near impossible to prosecute
> someone
> > > who ran nessus against you but never penetrated your systems. From
> > > expereince, the FBI only takes interest in crimes that cause roughly
> > > $50,000.00 in damage or more. If you are below that mark or if they
> are
> > > too busy... you won't get jack unless you pay for it.
> > >
> > >
> > >
> > > David Alanis wrote:
> > > >> Depends on the Jurisdiction... However If I found out that it was
> my
> > > >> site, I'd have to debate on whether or not to sue your ass... But
> that's
> > > >> just me...
> > > >>
> > > >
> > > > You would not sue anyone. Thats just saying that you would sue
> anyone
> under the sun trying to ping or go after some bot trying to scan your
> Apache
> box for IIS 5 vulnerabilities. My point is, even if you did realize
> someone
> was actively scanning your host, there would be nothing you could do, I
> think it would be too time consuming. Yet your question still stands. Is
> it
> legal or illegal?
> > > >
> > > > David
> > > >
> > > >
> > > >
> > > >> -----Original Message-----
> > > >> From: full-disclosure-bounces@...ts.grok.org.uk
> > > >> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> > > >> Nightfall Nightfall
> > > >> Sent: Thursday, June 01, 2006 7:54 PM
> > > >> To: full-disclosure@...ts.grok.org.uk
> > > >> Subject: [Full-disclosure] scanning
> > > >>
> > > >>
> > > >> Is it illegal if I perform a vulnerability scan on a site without
> > > >> permission from the owner? How about a simple port scan? thanks..
> > > >>
> > > >> _______________________________________________
>
> > > >> Full-Disclosure - We believe in it.
> > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >> Hosted and sponsored by Secunia - http://secunia.com/
> > > >>
> > > >> _______________________________________________
> > > >> Full-Disclosure - We believe in it.
> > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >> Hosted and sponsored by Secunia - http://secunia.com/
> > > >>
> > > >
> > > >
> > > >
> > > > "Great Spirits Have Always Encountered Violent Opposition From
> Mediocre Minds" - Einstein
> > > >
> > > > "Cuanta estupidez en tan poco cerebro!"
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > >
> > >
> > >
> > > BullGuard Anti-virus has scanned this e-mail and found it clean.
> > > Try BullGuard for free: www.bullguard.com
>
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > I brought up this topic coz of these incident
> > -
> http://www.pinoytechblog.com/archives/tridel-settles-with-inq7net-on-vuln
> erability-test-suit
> > .
> > I was wondering if they were justified in suing the perpetrator who
> > did the vulnerability scan on their network.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060602/424e5036/attachment.html

Powered by blists - more mailing lists