Illegal nmap port scanning

[MotionAwareness]

Hello,

Referring to a previous post about nmap port scanning an isp ( forums.remote-exploit.org/archive/index.php/t-7364.html ), where thePrez98 said:

... 'You clearly do not own "more than about 4-5 domains" therefore you have admitted to scanning domains to which you do not have permission or authorization.' ...

I'm curious why the act of port scanning is illegal. Doesn't nmap use the same mechanisms an any web browser establishing a TCP connection, only in a different manner (ie couldn't you point a browser sequentially at every ip and monitor the response ) ? Do you not have permission and authorization to point a web these same ip s ? In other words, what makes nmap different?

Also, is the illegality a law or is it a violation of an agreement one signs with the isp?

I'm partially playing devil's advocate, though I'm genuinely curious about the definition of public vs private space on the internet.

Thanks.

[streaker69]

Hello,

Referring to a previous post about nmap port scanning an isp ( forums.remote-exploit.org/archive/index.php/t-7364.html ), where thePrez98 said:



I'm curious why the act of port scanning is illegal. Doesn't nmap use the same mechanisms an any web browser establishing a TCP connection, only in a different manner (ie couldn't you point a browser sequentially at every ip and monitor the response ) ? Do you not have permission and authorization to point a web these same ip s ? In other words, what makes nmap different?

Also, is the illegality a law or is it a violation of an agreement one signs with the isp?

I'm partially playing devil's advocate, though I'm genuinely curious about the definition of public vs private space on the internet.

Thanks.

The Nmap scanning tool is easily identified by most IDS systems, so no, it is not the same as establishing a connection with a browser or email client. Conducting Recon against a network which you do not own, or licensed/paid to do could be considered illegal under some laws and is forbidden in most ISP AUP/TOS.

Private space on the internet would be anything on the LAN side of your Router, public space would be anything on the WAN side. You may own a domain and have it hosted at a datacenter, but that does not mean you have the right to conduct scans against that domain, as all that you own is the domain. You do not own the equipment it is hosted upon. Nor do you own the equipment inbetween you and your domain.

Here's an example:

My friends and I own a few domains, we have them hosted on our own server that we built ourselves. The server is hosted at an ISP that we pay for rackspace. While we may have the right to scan our box because it is physically ours, we could still get in trouble because we would be using the equipment in between us and that box. If the ISP has an IDS system in place, they could detect the scans and report the attempts.

Most AUP/TOS are worded in such a way that you may not conduct recon's while using their service.

[Glasskannon]

Ok so say you just signed a contract with Company A to penetrate their network. Based on your defination, that would still be illegal to do from your house using their service. Is this so? If it is, what do you use then to do the job legally?

[streaker69]

Ok so say you just signed a contract with Company A to penetrate their network. Based on your defination, that would still be illegal to do from your house using their service. Is this so? If it is, what do you use then to do the job legally?

Illegal gets thrown around way too much...

It would be in violation of the TOS, which is a Civil agreement.

Now most REAL companies that are employed to do penetration testing would have their own non-residential class connection to the internet and would have an agreement signed by their provider allowing for such activity.

Plus, penetration testing isn't just done from the internet, pen-testing can take on many different methods that don't involve coming in the front door so to speak.

[thorin]

Ok so say you just signed a contract with Company A to penetrate their network. Based on your defination, that would still be illegal to do from your house using their service. Is this so?

While doing such assessments from your from your residential DSL or Cable connection may not be illegal it would almost definitely violate your ISPs Terms of Service or Acceptable Use policy(ies).

If it is, what do you use then to do the job legally?

A business class internet connection with written and signed approval from the "target" and relevant ISP(s).

[secure_it]

scanning is having 2 types .
passive vs active

passive like sniffers
active like tools Nmap & nessus

passive is least detectable compare to active one.however the HIPS system easily detect the presence of sniffers in network.its totally ILLIGAL to scan a network without prior VA & PT confidential document agreement with the party.whether black box,white box or gray box testing always make a legal contract with company before performing VA & PT based on open source or commercial tools.
Nmap & Nessus both uses active scanning methods which are easily detectable and causes an alarm in IDS/IPS systems like Snort and Cisco IPS by alarming a signature of NULL scanning or FIN Scan like that.you can also see the ARP cache on victim target machine to see that someone is trying to access resource because that entry of attack machine wont be clear from there till long time.Firewall blocks the attempt of scanning so nmap is totally useless in that case.e.g. configuring the advanced protocol inspection in Cisco ASA and Checkpoint NGX R65 Firewall.


Secure_it
MS(IT),MCSE:Security,Comptia Security+,CCNA,EC CEH,CCSP,CCIE-Security