Security Focus: Port scans legal, judge saysDec 18, 2000, 21:24 (0 Talkback[s])
(Other stories by Kevin Poulsen)
"A tiff between two IT contractors that spiraled into federal court ended last month with a U.S. district court ruling in Georgia that port scanning a network does not damage it, under a section of the anti-hacking laws that allows victims of cyber attack to sue an attacker."
"Last week both sides agreed not to appeal the decision by judge Thomas Thrash, who found that the value of time spent investigating a port scan can not be considered damage. "The statute clearly states that the damage must be an impairment to the integrity and availability of the network," wrote the judge, who found that a port scan impaired neither."
"It says you can't create your own damages by investigating something that would not otherwise be a crime," says hacker defense attorney Jennifer Granick. "It's a good decision for computer security researchers."
"A port scan is a remote probe of the services a computer is running. While it can be a precursor to an intrusion attempt, it does not in itself allow access to a remote system. Port-scanning programs are found in the virtual tool chests of both Internet outlaws and cyber security professionals."