Legal implications of port scanning using nmap



Legality of using Port Scanners

Port Scanners have come in controversy a lot number of times, depending on its legality. Port Scanning may be proved to be a crime, if it is performed with a intent of breaking into others system.

Here are some of the cases, involving Port Scanning :

In June 2003, an Israeli, Avi Mizrahi, was accused by the Israeli Police of the offense of attempting the unauthorized access of computer material. He had port scanned the Mossad website. He was acquitted of all charges on February 29, 2004. The judge ruled that these kinds of actions should not be discouraged when they are performed in a positive way.[12]

A 17-year old Finn was accused of attempted computer break-in by a major Finnish bank. On April 9, 2003, he was convicted of the charge by the Supreme Court and ordered to pay US$ 12,000 for the expense of the forensic analysis made by the bank. In 1998, he had port scanned the bank network in an attempt to access the closed network, but failed to do so.[13]

In December 1999, Scott Moulton was arrested by the FBI and accused of attempted computer trespassing under Georgia's Computer Systems Protection Act and Computer Fraud and Abuse Act of America. At this time, his IT service company had a ongoing contract with Cherokee County of Georgia to maintain and upgrade the 911 center security. He performed several port scans on Cherokee County servers to check their security and eventually port scanned a web server monitored by another IT company, provoking a tiff which ended up in a tribunal. He was acquitted in 2000, the judge ruling there was no damage impairing the integrity and availability of the network.[14]

So, it is best advisable to perform all the port scans on the network you’ve permission or which you yourself own.