From: Jim (Jimly-core.com)
Date: Mon Jun 11 2001 - 07:33:48 CDT


    In reading the article FINDING FENCES IN CYBERSPACE: PRIVACY AND OPEN ACCESS
    ON THE INTERNET
    by Ethan Preston, I did not see anything that makes it illegal to use nmap
    unless you are attempting to hack into someone's system unauthorized. The
    article simply addresses the legitimate issues of unauthorized access and
    destruction or altering of someone else's information or system.

    As I read it, the use of nmap as an administrative and security tool is
    allowed provided the attempted access into the system is authorized (make
    sure you get it in writing though). It is clear that the legal ramifications
    as they relate to unauthorized access into someone's system are still very
    much in the development stages of our legal system. However, I think that
    the article was geared more towards those who intend to use the tool with
    malicious intent rather than the legitimate and authorized use of such
    tools.

    In short, since none of us are intending to use tools like nmap illegally,
    the continued development and use of powerful network
    administrative/security tools such as nmap, Satan and crack will continue to
    be improved and used in an open manner.

    We all know that attempting to access someone's system unauthorized should be
    illegal!

    -----Original Message-----
    From: Thomas Reinke [mailto:reinkee-softinc.com]
    Sent: Monday, June 11, 2001 12:20 AM
    To: nmap-hackersinsecure.org
    Subject: Re: nmap illegal to use?

    There are some pretty compelling arguments in the paper, and a hell
    of a lot of research backing it up.

    If you have a legal interest in the issue, I'd suggest taking
    a complete read through the paper.

    Some of the interesting bits (and please note these are out of
    context...you really should read the article located at
    http://grove.ufl.edu/~techlaw/vol6/Preston.html)

    "COMPUTER FRAUD, ACCESS AND NMAP:
    Most American jurisdictions have computer crime laws which include
    prohibitions on unauthorized access. ... As a threshold for criminal
    liability, "access" proves to be a tremendously porous border."

    TRANSLATING "ACCESS" INTO REAL LIFE ON THE INTERNET
    "...A court deciding whether to assign liability would first inquire
    into what technical measures were used; the court must find the
    fences in cyberspace. Next, the court must decide whether the technical
    measures were reasonable. The computer owner who failed to
    protect against banner-grabbing should not have legal recourse when
    banner grabbing identifies his operating system. A computer owner who
    used a firewall that prevented port scans but not nmap-type OS
    fingerprinting might establish a strong case for liability against a
    nmap scanner."

    Tom Brays wrote:
    >
    > Have you seen this one yet? Give me a break!
    >
    > "The Journal of Technology Law and Policy has a good article on computer
    > security and privacy. If you ignore the more metaphorical crap at the
    > beginning of the article, the author marches through some laws that apply to
    > the Internet and shows how they apply and why his way of deciding what kind
    > of access to a computer breaks the law and what kinds don't is better. (It's
    > based on property and expectations of privacy.) It's interesting to see the
    > computer security from a lawyer's point of view. Especially interesting are
    > his claims that using nmap is illegal, despite the VC3 v. Moulton case."
    > --

    --------------------------------------------------
    For help using this (nmap-hackers) mailing list, send a blank email to
    nmap-hackers-helpinsecure.org . List run by ezmlm-idx (www.ezmlm.org).
