lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <d36efa680606020502g768b28b8y172e0d7e3780cc3@mail.gmail.com>
Date: Fri Jun  2 13:59:49 2006
From: tang.luong at gmail.com (Lawrence Tang)
Subject: Fw: scanning

"Vulnerability test" is not "port scan". It could involve attempt to
"penetrate" or even penetration of the website through a vulnerable server
script for instance. In this particular case, we don't know what RA 8792 in
the Philippines says and/or what Tridel Technologies, Inc did. But in
general, "port scan" is supposed to be only checking which TCP/IP ports are
open for connection without going through the entire process of connection.
There is no question of penetration. How could any authority prosecute this
legitimately? If I, by mistake, attempt a connection to a site, could I be
in legal trouble? How many ports constitute "port scanning"?

 ----- Original Message -----
> From: "Nightfall Nightfall" <danzigfour@...il.com>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Friday, June 02, 2006 1:26 AM
> Subject: Re: [Full-disclosure] scanning
>
>
> > On 6/2/06, Simon Smith <simon@...soft.com> wrote:
> > > Guys,
> > >     It is not illegal to port-scan a target IP with or without
> > > authorization. It would be impossible to prosecute someone because
> they
> > > portscanned you. Hell, it would be near impossible to prosecute
> someone
> > > who ran nessus against you but never penetrated your systems. From
> > > expereince, the FBI only takes interest in crimes that cause roughly
> > > $50,000.00 in damage or more. If you are below that mark or if they
> are
> > > too busy... you won't get jack unless you pay for it.
> > >
> > >
> > >
> > > David Alanis wrote:
> > > >> Depends on the Jurisdiction... However If I found out that it was
> my
> > > >> site, I'd have to debate on whether or not to sue your ass... But
> that's
> > > >> just me...
> > > >>
> > > >
> > > > You would not sue anyone. Thats just saying that you would sue
> anyone
> under the sun trying to ping or go after some bot trying to scan your
> Apache
> box for IIS 5 vulnerabilities. My point is, even if you did realize
> someone
> was actively scanning your host, there would be nothing you could do, I
> think it would be too time consuming. Yet your question still stands. Is
> it
> legal or illegal?
> > > >
> > > > David
> > > >
> > > >
> > > >
> > > >> -----Original Message-----
> > > >> From: full-disclosure-bounces@...ts.grok.org.uk
> > > >> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> > > >> Nightfall Nightfall
> > > >> Sent: Thursday, June 01, 2006 7:54 PM
> > > >> To: full-disclosure@...ts.grok.org.uk
> > > >> Subject: [Full-disclosure] scanning
> > > >>
> > > >>
> > > >> Is it illegal if I perform a vulnerability scan on a site without
> > > >> permission from the owner? How about a simple port scan? thanks..
> > > >>
> > > >> _______________________________________________
> > > >> Full-Disclosure - We believe in it.
> > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >> Hosted and sponsored by Secunia - http://secunia.com/
> > > >>
> > > >> _______________________________________________
> > > >> Full-Disclosure - We believe in it.
> > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >> Hosted and sponsored by Secunia - http://secunia.com/
> > > >>
> > > >
> > > >
> > > >
> > > > "Great Spirits Have Always Encountered Violent Opposition From
> Mediocre Minds" - Einstein
> > > >
> > > > "Cuanta estupidez en tan poco cerebro!"
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > >
> > >
> > >
> > > BullGuard Anti-virus has scanned this e-mail and found it clean.
> > > Try BullGuard for free: www.bullguard.com
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > I brought up this topic coz of these incident
> > -
> http://www.pinoytechblog.com/archives/tridel-settles-with-inq7net-on-vuln
> erability-test-suit
> > .
> > I was wondering if they were justified in suing the perpetrator who
> > did the vulnerability scan on their network.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060602/b833e5fa/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ