It seems to me Mr. Moulton's one mistake in all this was not notifying the NetAdmin of his port-scanning before running it.

The investigative bureau should have questioned him before arresting him as well. I would think any well run crime investigative unit would have researched the crime properly and questioned suspects BEFORE arresting anyone.

It also appears that VC3 jumped to conclusions about Moulton's true intent of his port scan, and if there was already a 'pissing contest' going on this gave them great ammunition to get rid of their competition. They got what they wanted, and I hope Moulton sues them for defamation of character, because I can almost guarantee you he will never get an IT contract in that area again after this mess, and he was just doing his job!

It also makes me wonder why VC3 got so bent out of shape - did Moulton's port scan turn up some vulnerabilities in their firewall that resulted from negligence on their part?

It's a sad state of affairs that people are so paranoid about DoS attacks and port scans that an IT Professional can't be thorough in his job without being suspected of criminal activity himself.

Hardware security companies test their installed systems all the time and nobody files charges against them when they find something they weren't expecting. They APPRECIATE knowing a vulnerability has been found.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/126/4120#4120