
Thread: Illegal nmap port scanning

  1. #1
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    1

    Illegal nmap port scanning

    Hello,

    Referring to a previous post about nmap port scanning an isp ( forums.remote-exploit.org/archive/index.php/t-7364.html ), where thePrez98 said:

    ... 'You clearly do not own "more than about 4-5 domains" therefore you have admitted to scanning domains to which you do not have permission or authorization.' ...
    I'm curious why the act of port scanning is illegal. Doesn't nmap use the same mechanisms as any web browser establishing a TCP connection, only in a different manner (i.e. couldn't you point a browser sequentially at every IP and monitor the response)? Do you not have permission and authorization to point a web browser at these same IPs? In other words, what makes nmap different?

    Also, is the illegality a law, or is it a violation of an agreement one signs with the ISP?

    I'm partially playing devil's advocate, though I'm genuinely curious about the definition of public vs private space on the internet.

    Thanks.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by MotionAwareness View Post
    Hello,

    Referring to a previous post about nmap port scanning an isp ( forums.remote-exploit.org/archive/index.php/t-7364.html ), where thePrez98 said:



    I'm curious why the act of port scanning is illegal. Doesn't nmap use the same mechanisms as any web browser establishing a TCP connection, only in a different manner (i.e. couldn't you point a browser sequentially at every IP and monitor the response)? Do you not have permission and authorization to point a web browser at these same IPs? In other words, what makes nmap different?

    Also, is the illegality a law, or is it a violation of an agreement one signs with the ISP?

    I'm partially playing devil's advocate, though I'm genuinely curious about the definition of public vs private space on the internet.

    Thanks.
    The Nmap scanning tool is easily identified by most IDS systems, so no, it is not the same as establishing a connection with a browser or email client. Conducting recon against a network which you do not own, or are not licensed/paid to test, could be considered illegal under some laws and is forbidden in most ISP AUP/TOS.

    Private space on the internet would be anything on the LAN side of your router; public space would be anything on the WAN side. You may own a domain and have it hosted at a datacenter, but that does not mean you have the right to conduct scans against that domain, as all that you own is the domain. You do not own the equipment it is hosted upon, nor do you own the equipment in between you and your domain.

    Here's an example:

    My friends and I own a few domains, and we have them hosted on our own server that we built ourselves. The server is hosted at an ISP that we pay for rackspace. While we may have the right to scan our box because it is physically ours, we could still get in trouble because we would be using the equipment in between us and that box. If the ISP has an IDS system in place, they could detect the scans and report the attempts.

    Most AUP/TOS are worded in such a way that you may not conduct recon while using their service.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    28


    Ok, so say you just signed a contract with Company A to penetrate their network. Based on your definition, that would still be illegal to do from your house using their service. Is this so? If it is, what do you use then to do the job legally?

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by Glasskannon View Post
    Ok, so say you just signed a contract with Company A to penetrate their network. Based on your definition, that would still be illegal to do from your house using their service. Is this so? If it is, what do you use then to do the job legally?
    Illegal gets thrown around way too much...

    It would be in violation of the TOS, which is a Civil agreement.

    Now, most REAL companies that are employed to do penetration testing would have their own non-residential class connection to the internet and would have an agreement signed by their provider allowing for such activity.

    Plus, penetration testing isn't just done from the internet; pen-testing can take on many different methods that don't involve coming in the front door, so to speak.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629


    Quote Originally Posted by Glasskannon View Post
    Ok, so say you just signed a contract with Company A to penetrate their network. Based on your definition, that would still be illegal to do from your house using their service. Is this so?
    While doing such assessments from your residential DSL or cable connection may not be illegal, it would almost definitely violate your ISP's Terms of Service or Acceptable Use Policy(ies).
    If it is, what do you use then to do the job legally?
    A business class internet connection with written and signed approval from the "target" and relevant ISP(s).
    I'm a compulsive post editor; you might wanna wait until my post has been online for 5-10 mins before quoting it, as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between the two: BackTrack is 4, FwdTrack4
    Posts
    854


    Scanning is of 2 types:
    passive vs. active

    passive, like sniffers
    active, like the tools Nmap & Nessus

    Passive is least detectable compared to active; however, a HIPS system easily detects the presence of sniffers in the network. It's totally ILLEGAL to scan a network without a prior VA & PT confidential document agreement with the party. Whether black box, white box or gray box testing, always make a legal contract with the company before performing VA & PT based on open source or commercial tools.
    Nmap & Nessus both use active scanning methods which are easily detectable and cause an alarm in IDS/IPS systems like Snort and Cisco IPS by triggering a signature for NULL scanning or FIN scanning, or the like. You can also see the ARP cache on the victim target machine to see that someone is trying to access a resource, because that entry for the attacking machine won't be cleared from there for a long time. A firewall blocks the attempt at scanning, so nmap is totally useless in that case, e.g. when configuring advanced protocol inspection in a Cisco ASA or Checkpoint NGX R65 firewall.


    Secure_it
    MS(IT),MCSE:Security,Comptia Security+,CCNA,EC CEH,CCSP,CCIE-Security
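    The post above describes IDS signatures firing on NULL and FIN scans. As an added example (not the poster's code or a Snort rule), the following sketches that detection logic from the defender's side: it labels the abnormal TCP flag combinations and reports a source that probes many distinct ports on one host. The packet tuple format and the 10.0.0.x addresses are constructed for the example.

    ```python
    from collections import defaultdict

    # TCP flag bits as laid out in the TCP header flags byte
    FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


    def classify_flags(flags):
        """Label the abnormal flag combinations an IDS signature keys on.
        Returns None for ordinary traffic such as a SYN-initiated connection."""
        if flags == 0:
            return "NULL"          # no flags at all: nmap -sN style probe
        if flags == FIN:
            return "FIN"           # lone FIN with no prior connection: -sF style
        if flags == FIN | PSH | URG:
            return "XMAS"          # FIN+PSH+URG: -sX style
        return None


    def detect_scans(packets, port_threshold=5):
        """packets: iterable of (src_ip, dst_ip, dst_port, flags).
        Returns (src, dst, kind, port_count) for every source that sent
        abnormal-flag probes to at least port_threshold distinct ports on
        one destination, the way a port-scan preprocessor would report it."""
        probes = defaultdict(set)  # (src, dst, kind) -> distinct ports probed
        for src, dst, dport, flags in packets:
            kind = classify_flags(flags)
            if kind:
                probes[(src, dst, kind)].add(dport)
        return sorted(
            (src, dst, kind, len(ports))
            for (src, dst, kind), ports in probes.items()
            if len(ports) >= port_threshold
        )


    # Constructed sample traffic: one host sweeps ports 20-27 with NULL probes
    # and three ports with FIN probes; another host does a normal SYN/ACK
    # exchange on 443, which must not be reported.
    SAMPLE = (
        [("10.0.0.5", "10.0.0.20", p, 0) for p in range(20, 28)]
        + [("10.0.0.5", "10.0.0.20", p, FIN) for p in (80, 443, 8080)]
        + [("10.0.0.9", "10.0.0.20", 443, SYN),
           ("10.0.0.9", "10.0.0.20", 443, ACK)]
    )

    if __name__ == "__main__":
        for hit in detect_scans(SAMPLE):
            print("%s -> %s: %s scan across %d ports" % hit)
    ```

    With the default threshold only the NULL sweep is reported; lowering the threshold to 3 also surfaces the FIN sweep, while the legitimate SYN/ACK traffic never does.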
