[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5341C40C.8010801@xorfork.com>
Date: Mon, 07 Apr 2014 00:15:56 +0300
From: Toni Korpela <admin@...fork.com>
To: Henri Salo <henri@...v.fi>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools
Hey Salo.
I know that the act of port scanning without permission
is illegal even though easily done thanks to Fyodor's nmap.
The thing is that I find it really funny that I can not distribute
nmap legally to a friend at some other point of the Internet
and ask him to port scan my IP address.
Then I have broken the two laws section 9 a and 9 b in the
finnish criminal code and he has broken section 9 b most
likely even without knowing this.
My teacher teached us how to use nmap for checking if
our Linux servers had any ports open. Did we break the law
by posessing nmap on computers which we were using at
the time?
I have been alerted by ISP once about doing these tasks,
which may seem malicious from home to my own server.
The ISP only asked back then to scan my computer for viruses
and I told them I have been generating that traffic to my own
dedicated server and they took the block away.
The problem I really find annoying about this is that it does
not define what is malicious designed software because
something like metasploit can be used to secure other
software, but it can also be used as malicious tool to
make harm to others.
On 04/06/2014 11:24 AM, Henri Salo wrote:
> On Sat, Apr 05, 2014 at 01:23:51PM +0300, Toni Korpela wrote:
>> Greetings from Finland.
>>
>> I know that here it is illegal to import, manufacture, sell
>> or otherwise distribute such machine or software which
>> are designed to endanger or harm information and
>> communication systems.
> <snip>
>
> Basic examples, which I have personally encountered:
>
> 1) Not allowed to port scan. Some ISPs are already monitoring and warning users
> in case they do port scanning, but the reason for alerting might only be that
> they monitor and try to get rid of malware in their networks.
> 2) Not allowed to list vulnerable systems. I can't for example list all
> non-updated WordPress installations with their version numbers even this
> information is available to anyone.
>
> ---
> Henri Salo
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists