Kevin Poulsen, SecurityFocus 2000-12-18
Federal court finds that scanning a network doesn't cause damage, or threaten public health and safety.
Colapse all |
Post comment
Lame
2000-12-19
Anonymous (1 replies)
Anonymous (1 replies)
Lame (a reply by VC3)
2000-12-20
david.dunn (at) vc3 (dot) com [email concealed] (2 replies)
david.dunn (at) vc3 (dot) com [email concealed] (2 replies)
Hey folks, in case anyone wants the real truth:
1) We filed suit ONLY because we were being sued - i.e. it was just a legal tactic to try and get the lawsuit against us dropped (not an attempt to set legal precedent). The way our legal system works if someone sues you for what you believe is an ...
[ more ] [ reply ]
1) We filed suit ONLY because we were being sued - i.e. it was just a legal tactic to try and get the lawsuit against us dropped (not an attempt to set legal precedent). The way our legal system works if someone sues you for what you believe is an ...
[ more ] [ reply ]
Extra Lame
2000-12-20
anonymous (1 replies)
anonymous (1 replies)
Didn't know? Funny that the warrent for arrest said ATTEMPT TO COMPUTER TRESSPASS filed by ALAN HOWARD OF VC3 INC....
[ more ] [ reply ]
[ more ] [ reply ]
Extra Lame (Another reply from VC3)
2000-12-21
david.dunn (at) vc3 (dot) com [email concealed]
david.dunn (at) vc3 (dot) com [email concealed]
Well, there's no point in getting into a pissing contest over this since clearly your mind and the mind of most other posters is made up and therefore your probably not inclined to believe anything that I say.
However, I do want to clarify one thing: we did not file the warrant for his arrest. T...
[ more ] [ reply ]
However, I do want to clarify one thing: we did not file the warrant for his arrest. T...
[ more ] [ reply ]
Lame (a reply by VC3)
2000-12-21
Dazed and Confused (1 replies)
Dazed and Confused (1 replies)
I suppose a much greater question is this:
Do you press charges, report to your clients, and file frivilous lawsuits against _every_ individual that scans your network?
If so, your pockets for paid legal talent must be awfully deep and your payroll must be big....
[ more ] [ reply ]
Do you press charges, report to your clients, and file frivilous lawsuits against _every_ individual that scans your network?
If so, your pockets for paid legal talent must be awfully deep and your payroll must be big....
[ more ] [ reply ]
Lame (a reply by VC3)
2000-12-21
david.dunn (at) vc3 (dot) com [email concealed]
david.dunn (at) vc3 (dot) com [email concealed]
Sorry but our pockets aren't that deep and this is the first lawsuit we've ever been involved in. As I stated earlier, we did not press charges and the lawsuit we filed was purely in response to the fact that we were being hit by a frivolous lawsuit. We do as a general rule investigate port scans ...
[ more ] [ reply ]
[ more ] [ reply ]
Your headline is misleading
2000-12-19
EJ (4 replies)
EJ (4 replies)
The judge says in *this* case that no direct damage was done from the port scan, so he ruled in favor of the defendant. This particular port scan was done in error, most are done intentionally and many times lead to direct attacks. Port scans *should* be made illegal, the same as peering into someon...
[ more ] [ reply ]
[ more ] [ reply ]
re: Your headline is misleading
2000-12-19
ThwartedEfforts (2 replies)
ThwartedEfforts (2 replies)
Port scanning is equlivent to standing on the street and looking at the house to determine if it has windows. It is not equlivent to looking in the windows....
[ more ] [ reply ]
[ more ] [ reply ]
re: Your headline is misleading
2000-12-19
Sleeper (1 replies)
Sleeper (1 replies)
Not neccessarily. Port scanning the perimiter my be akin to looking at the windows, but when you scan further inside, you are coming into my "house"....
[ more ] [ reply ]
[ more ] [ reply ]
re: Your headline is misleading
2000-12-22
brm
brm
Such analogies are interesting, but law is not based on analogy. The telecommunications acts, passed during the 1990s, specify what is a crime. Some interpretation is necessary, especially in light of rapidly changing technologies. But analogies based upon homes and windows and peeping just don't ap...
[ more ] [ reply ]
[ more ] [ reply ]
re: Your headline is misleading
2000-12-20
Anonymouse (1 replies)
Anonymouse (1 replies)
Interesting. I would like to know an instance when port scanning someone that you do not do security business with has benifical results....
[ more ] [ reply ]
[ more ] [ reply ]
Your headline is misleading
2000-12-19
merk_man (1 replies)
merk_man (1 replies)
Your headline is misleading
2000-12-19
Ray L (4 replies)
Ray L (4 replies)
Assume he is. There are people who believe walking down a
street, trying front door knobs is a cool thing to do.
This is a comedy of stupidity.
Moulton should have advised the net admin in advance
of his port scan. He didn't, additionally, I fail to
see how scanning VC3's firewall helps ...
[ more ] [ reply ]
street, trying front door knobs is a cool thing to do.
This is a comedy of stupidity.
Moulton should have advised the net admin in advance
of his port scan. He didn't, additionally, I fail to
see how scanning VC3's firewall helps ...
[ more ] [ reply ]
Good guy getting blamed...
2000-12-19
anon-coward
anon-coward
Apparently, he did not know what was attached
to the network and that's the reason he performed
the scan... talking to the netadmin might have giving
him the proper info that he needed, but scanning
would reveal what actually was on the network...
In any case, as with any crafty sysadmin or
ha...
[ more ] [ reply ]
to the network and that's the reason he performed
the scan... talking to the netadmin might have giving
him the proper info that he needed, but scanning
would reveal what actually was on the network...
In any case, as with any crafty sysadmin or
ha...
[ more ] [ reply ]
Legality based on Assumtion
2000-12-19
Tiff
Tiff
Regardless of the purpose of the scan, no inherent damage was caused. The suit should have never even been brought to trial.
Making port scanning illegal based on the assumption that the person doing it may or may not have ill gotten intentions is ludicrous. Purpose should not be guessed at, or...
[ more ] [ reply ]
Making port scanning illegal based on the assumption that the person doing it may or may not have ill gotten intentions is ludicrous. Purpose should not be guessed at, or...
[ more ] [ reply ]
Your headline is misleading
2000-12-20
Giezr
Giezr
The law states that if your door is open someone sits in your house and watches TV as long as you cannot prove damages. Then you don't have them on anything but trespassing and invasion of privacy if you have a good lawyer.
True Example.
An elderly woman is asleep in bed. Her window is left op...
[ more ] [ reply ]
True Example.
An elderly woman is asleep in bed. Her window is left op...
[ more ] [ reply ]
Your headline is misleading
2000-12-22
brm
brm
You say that "This cracker judge, doesn't understand that port scans are a common precursor to attacks."
How is this relevant? Does the law prohibit precursors to attacks? I don't know, but I doubt it.
The judge has no choice but to interpret the law. If there's something wrong with the law, t...
[ more ] [ reply ]
How is this relevant? Does the law prohibit precursors to attacks? I don't know, but I doubt it.
The judge has no choice but to interpret the law. If there's something wrong with the law, t...
[ more ] [ reply ]
Your headline is misleading
2007-03-09
Sady.Org
Sady.Org
If you need a port open for a service like say Mysql but dont want the public to use it configure it with hosts.allow and hosts.deny(Linux) or remove the system off the internet since being on the internet makes your computer public.
I nmap every one for fun, so sue me.
I whois all the time too...
[ more ] [ reply ]
I nmap every one for fun, so sue me.
I whois all the time too...
[ more ] [ reply ]
Re: Your headline is misleading
2007-03-09
Sady.Org
Sady.Org
I see two simple reasons people dont like port scanning.
One: you dont know how to configure a secure computer or network!
Two: You just dont feel like securing you computer.
If I want to provide a public FTP or other service, port scan to se what is there, If I dont want you in there I will re...
[ more ] [ reply ]
One: you dont know how to configure a secure computer or network!
Two: You just dont feel like securing you computer.
If I want to provide a public FTP or other service, port scan to se what is there, If I dont want you in there I will re...
[ more ] [ reply ]
So if some one knocks on my door...
2000-12-19
garak (at) fastvcd (dot) com [email concealed] (1 replies)
garak (at) fastvcd (dot) com [email concealed] (1 replies)
So if some one knocks on my door and trys to open it and I get up to see who it is I can sue them for the time and energy that to took to get up and find out who it was....
[ more ] [ reply ]
[ more ] [ reply ]
Just don't do it.
2000-12-19
Anonymous Coward (1 replies)
Anonymous Coward (1 replies)
This only goes to show you that being customer service oriented is just going to get you put in jail. The guy should have just let someone kill the 911 system. Or better yet just get on welfare and stop working all together....
[ more ] [ reply ]
[ more ] [ reply ]
Just don't do it.
2000-12-19
iNDiGO
iNDiGO
Yes, portscanning is quite often a precursor to an intrusion attempt, but most companies (companies are the only people who would care about port-scanning) have a firewall or any other type of protection to stop these invasions.
I'm sure the guy that port-scanned the other guy did it by accident,...
[ more ] [ reply ]
I'm sure the guy that port-scanned the other guy did it by accident,...
[ more ] [ reply ]
A hacker is not a hacker he's a security consultant if he works for you.
2000-12-20
merchant
merchant
After so much time. I was beginning to think the world had gone crazy. A judge that understands the world as it is today. The world of the Internet and the world of misinformed publc are diverging rapidly, under the new international laws set up by the EU this would have still constituted a crime ho...
[ more ] [ reply ]
[ more ] [ reply ]
American Justice System
2000-12-20
b00tl3g
b00tl3g
Ok, so i do respect your justice system and it is used as a model for many other justice systems all over the world, but why is it that you americans sue everything at the drop of a hat? You sue for the most arbirary things imanigable. Ok, i do admit, the threat of sueing does make people jack up th...
[ more ] [ reply ]
[ more ] [ reply ]
VC3 is Full of Crap!
2000-12-20
JamesF, web developer
JamesF, web developer
From what I read out of this article, Moulton was simply looking for open ports that could pose a security risk to his client. I don't see any criminal intent in what he did.
Besides, VC3's firewall did it's job and prevented unauthorized access to the system.
I applaud the judge's decision to ...
[ more ] [ reply ]
Besides, VC3's firewall did it's job and prevented unauthorized access to the system.
I applaud the judge's decision to ...
[ more ] [ reply ]
Things not mentioned in the article
2000-12-20
A Fly on the Wall
A Fly on the Wall
1. The suit made claim that Moulton's Port Scan was a 'Denial of Service Attack' that cause a system outage. The President of the company that wrote the software that Mr. Moulton used to port scan the VC3 network wrote a letter stating that nothing malice could be done with the Port Scanning softwar...
[ more ] [ reply ]
[ more ] [ reply ]
Ringing a Doorbell or Checking for an Open Window?
2000-12-20
apersonwhosees thisalot
apersonwhosees thisalot
Port scan for port 80? Not so bad I guess, and if I was in IT security I would not be that concerned with it. A port scan for port 27374 however? (subSeven Trojan) It seems that that person was not trying to find a service, but an expliot. I am wondering if the judge ruled on intent, rather than the...
[ more ] [ reply ]
[ more ] [ reply ]
VC3
2000-12-20
Matthew F. Caldwell, CISSP <mattc (at) guarded (dot) net [email concealed]>
Matthew F. Caldwell, CISSP <mattc (at) guarded (dot) net [email concealed]>
I am the one that set up the orginal security system at this location. I used to work for VC3, Inc. Some of your assumptions are correct. VC3, runs the government systems in Cherokee County, at which time this person came to work on a contract at cherokee. So you can imagine, the pissing contest and...
[ more ] [ reply ]
[ more ] [ reply ]
Wrong
2000-12-20
William Black (1 replies)
William Black (1 replies)
So let me understand, Mr Moulton for doing his job professionally for Cherokee County 911 and verifying the integrity of the network, loses his contract?
And the court does not require any restitution from either the County or the competition?
Where is the motive to our jobs well and completel...
[ more ] [ reply ]
And the court does not require any restitution from either the County or the competition?
Where is the motive to our jobs well and completel...
[ more ] [ reply ]
Wrong
2000-12-20
aardwolfe (at) yahoo (dot) com [email concealed]
aardwolfe (at) yahoo (dot) com [email concealed]
Was Mr. Moulton doing a professional job, though?
I work for a security consulting firm. As part of that, we do "Ethical Hacking" or Penetration Attacks. We always verify with the client which IP addresses belong to him and ensure we have (in writing) permission to run port scans and other scans ...
[ more ] [ reply ]
I work for a security consulting firm. As part of that, we do "Ethical Hacking" or Penetration Attacks. We always verify with the client which IP addresses belong to him and ensure we have (in writing) permission to run port scans and other scans ...
[ more ] [ reply ]
Scanning illegal?
2000-12-20
vcloud
vcloud
What is it that as a society we believe that simply by making a law we've taken care of the problem. If people want to do something bad enough they just do it ,laws be damned. Lets' concentrate on making IDS systems that are not only more sensetive but more accurate and spread the tchnology around s...
[ more ] [ reply ]
[ more ] [ reply ]
Doing his job.
2000-12-20
Bob C
Bob C
This guy was working for the 911 Center and was scanning a CONNECTED SYSTEM? That makes quite a difference when port scanning and was he was trying to do his job to protect the server at the 911 Center. I would hope that each county that EACH of you live in has a computer guy protecting the server a...
[ more ] [ reply ]
[ more ] [ reply ]
Mistakes
2000-12-21
djmad (1 replies)
djmad (1 replies)
It seems to me Mr. Moulton's one mistake in all this was not notifying the NetAdmin of his port-scanning before running it.
The investigative bureau should have questioned him before arresting him as well. I would think any well run crime investigative unit would have researched the crime prop...
[ more ] [ reply ]
The investigative bureau should have questioned him before arresting him as well. I would think any well run crime investigative unit would have researched the crime prop...
[ more ] [ reply ]
Intent is really the issue
2000-12-21
Scott Craig <scraig@MIfortune500(fake).com>
Scott Craig <scraig@MIfortune500(fake).com>
I don't have legal expertise. I do have security expertise. I've also dealt with legal departments.
Even when working with agreements with vendors, a lawyer sometimes wishes to know the author of the agreements intent for some of the particular statements. That doesn't mean the statement gets cha...
[ more ] [ reply ]
Even when working with agreements with vendors, a lawyer sometimes wishes to know the author of the agreements intent for some of the particular statements. That doesn't mean the statement gets cha...
[ more ] [ reply ]
Clarifications
2000-12-21
JAG (Just Another Geek)
JAG (Just Another Geek)
Ok, couple of points here for anyone who might care:
__________________________________________________
1. Quote[
"Moulton was tasked to install a connection between the 911 center and a local police department, and he became concerned that the system might be vulnerable to attack through the ne...
[ more ] [ reply ]
__________________________________________________
1. Quote[
"Moulton was tasked to install a connection between the 911 center and a local police department, and he became concerned that the system might be vulnerable to attack through the ne...
[ more ] [ reply ]
[ more ] [ reply ]