>> Think of a burglar casing out the neighborhood.The burglar might walk up to a house and simply turn a doorknob or push a windowto see if it's locked or unlocked.Technically, there's nothing illegal about that.What about port scanning, then?Well, there are actually three well-known but very rare legal casesagainst people who performed port scans.In 1999, a consultant for the Cherokee County,Georgia Emergency 911 System scanned a Cherokee County web serverunder the control of a competing consulting firm.They detected the scan and reported it to the police, who arrested the consultantfor violating the Computer Fraud and Abuse Act.The CFAA deals with anyone who intentionally accesses a protected computerwithout authorization and, as a result of such conduct, causes damage,in addition to some other requirements.The second consulting company claimed damages involving time spent investigating the port scanand related activity.The civil case was dismissed before trial.The criminal court also found the lack of merit, and all charges were dropped.The consultant, though, has six-figure legal bills and wentthrough many stressful years in the courts.There is a happy ending.After devoting tons of time educating his lawyers about the technical issues involved,the consultant was able to start a successful forensics services company.Different courts or situations could lead to worse outcomes.A lot of states in the USA and other countries have their own computer use laws,which could arguably make a simple ping to a remote machine without authorization illegal.In 2003, a 17 year old from Finland was convicted of attempted computer intrusionfor port scanning a bank five years earlier.He was ordered to pay the bank's forensics investigation cost.Came out to around $12,000 U.S. In 2004, an Israeli judge acquitted a manwho had port scanned the Mossad National Intelligence Agency of Israel.The judge even commended the port scanning man for actingin the public good by checking for vulnerabilities.Some ISPs will call port scanning a denial-of-service attackbecause the large volume of traffic sent from one machine to another.As a result, your ISP could drop you as a customer or even look into further sanctions.So to answer the question, is port scanning legal,the answer is there's no conclusive answer, although precedent leads one to believethat intent to follow up the port scan with an attack iswhere the legal system might catch up to you.
转载于:https://www.cnblogs.com/sec875/articles/10028365.html
