Internet-wide port scans

Either way, in the US at least, it's not legal to port scan random
machines on the internet, so this was a rather useless exercise. (And

Have a look at the talks done by Fyodor the creator of Nmap "Scanning the

Also if you are look for a host CloudSigma are open to Security Researches
using their VPS system for this kind of work.


I always thought it wasn't allowed because of 18 USC § 2701, but
IINAL, would be happy to hear otherwise :).

If a portscan allows access to stored communications, you have bigger

I was gonna say {{citation-needed}}, myself, but yeah: "Huh?"

-- jra

In particular, my understanding was that since you're sending a SYN,
it could very well initiate access to stored communications (although
that may have not been the intent of the SYN). But maybe I'm wrong --
and even if I'm right, this seems like something that probably
wouldn't hold in court very well anyways.

What 18 USC 2701 actually says, courtesy of

"Offense. - Except as provided in subsection (c) of this section whoever:

(1) intentionally accesses without authorization a facility through which an
electronic communication service is provided; or

(2) intentionally exceeds an authorization to access that facility;

and thereby obtains, alters, or prevents authorized access to a wire or
electronic communication while it is in electronic storage in such system shall
be punished as provided in subsection (b) of this section."

First off, I believe (but don't have citation handy) there's actual case law
that says that a SYN scan doesn't count as "access" (either without or exceeding
authorization). And that's *stored* communications (in other words, your
mail spool, not mail in-flight).

You're better off chasing 18 USC 2511 (wiretapping, where the bits are in
motion), and of course the 800 pound gorilla would be 18 USC 1030 (Fraud and
related activity in connection with computers).

And I'm pretty sure that an NMAP scan doesn't rise to the definition of
'accessed' for any of those. Of course, if the answer actually matters, ask a
competent lawyer you've paid for advice. :wink:

I always thought it wasn't allowed because of 18 USC § 2701, but
IINAL, would be happy to hear otherwise :).

18 USC 2701 is not necessarily the only consideration.

I would rather say that there might be a risk of criminal and civil
liability, for all entities intentionally participating in, assisting
as accomplices in, or facilitating as service provider, software
provider, providers of information or operating instructions, etc,
for, anyone conducting or intentionally assisting an unauthorized port
scan of a different ISP's address space, that varies with
jurisdiction, and you should consult your counsel, to determine if
any precautions are appropriate to manage the risk, such as obtaining
proper Letters of authorization from IP address assignees in advance,
or if the responsible entity determines that you must abstain from
the activity entirely, because the risk level is too high.

By definition a reputable service, will not have a policy that you
may execute internet-wide port scans of arbitrary ports that include
IP networks/addresses that are not either assigned to you, your ISP
customer, or that you have specific written permission to scan, as
they will want to manage the risks to themselves properly as well.

Port scans are strongly associated with malicious activity.

And there are other risks of adverse actions, besides legal ones, such
as the service provider's address space becoming widely blacklisted or
becoming depeered.

Before a network service provider offers any kind of service that
permits the SPs' services
to be used for arbitrary port scans of other remote networks, they are
likely to have taken steps to protect themselves, by setting some
terms of use and policy restrictions on what conditions and
parameters must be met, before a scan is allowed.