Hey Salo. I know that the act of port scanning without permission is illegal even though easily done thanks to Fyodor's nmap. The thing is that I find it really funny that I can not distribute nmap legally to a friend at some other point of the Internet and ask him to port scan my IP address. Then I have broken the two laws section 9 a and 9 b in the finnish criminal code and he has broken section 9 b most likely even without knowing this. My teacher teached us how to use nmap for checking if our Linux servers had any ports open. Did we break the law by posessing nmap on computers which we were using at the time? I have been alerted by ISP once about doing these tasks, which may seem malicious from home to my own server. The ISP only asked back then to scan my computer for viruses and I told them I have been generating that traffic to my own dedicated server and they took the block away. The problem I really find annoying about this is that it does not define what is malicious designed software because something like metasploit can be used to secure other software, but it can also be used as malicious tool to make harm to others. On 04/06/2014 11:24 AM, Henri Salo wrote:
On Sat, Apr 05, 2014 at 01:23:51PM +0300, Toni Korpela wrote:Greetings from Finland. I know that here it is illegal to import, manufacture, sell or otherwise distribute such machine or software which are designed to endanger or harm information and communication systems.<snip> Basic examples, which I have personally encountered: 1) Not allowed to port scan. Some ISPs are already monitoring and warning users in case they do port scanning, but the reason for alerting might only be that they monitor and try to get rid of malware in their networks. 2) Not allowed to list vulnerable systems. I can't for example list all non-updated WordPress installations with their version numbers even this information is available to anyone. --- Henri Salo
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/