Is it illegal to Port scan someone without permission? Just wondering, what are the limits of this sort of thing? I mean, if you aren’t really infiltrating anything, can you still be in violation of the law?
Thanks
Last year, a Georgia court found that port scanning was legal because the small bandwidth involved did not constitute damage:
http://www.politechbot.com/p-01574.html
On the other hand, port scanning can make you a suspect and cause you a lot of trouble as the result of being targetted by an investigation. In one recent case, a college student read about a web site crack in an online forum and went to view the remains of the site. He port scanned the server and ran some probes to see what OS had been running, what patches were in place, etc. The authorities were monitoring the site and were both suspicious and annoyed. The police confiscated his computers and investigated him thoroughly. Ultimately, he was cleared and his gear was returned. The police justified their investigation by making the analogy that he was kicking around a crime scene and shouldn’t have been there to begin with. Sorry I don’t have a cite for this anectdote but it’s clear that even if it’s not a crime, it can be evidence of a crime.
Never mind what’s illegal, mind what’s practical. Most ISPs disallow Port Scanning initiating from their network. People who break the rule will be denied further service.
And rightfully so. If you walk around my house shaking all the locks, I’ll run you off with a stick. Never mind that you never broke in.
Port scanning per se is not illegal, but when combined with other actions you take can be considered clear evidence of a hacking attempt going on. Unless you are a network analyst working for the ISP, or a network god testing some new, super-ultra cool TCP/IP application, there is little legitimate use for port scanning.
That having been said…I have a very powerful port scanner that I have used as a “warning” to people who hack the UnaBoard. When I detect someone clearly doing something nefarious and probing my ports, I start multiple scans right back at them, so they know that I know what they are doing.