On 2022-06-20, at 23:02, Mel Beckman <m...@beckman.org> wrote:
>
> Carsten,
>
> The discussion is not getting far afield: it’s on point. And it’s a hugely
> germane topic for network operators.
>
> Regarding your claim “You consented to receiving packets when connecting to
> the Internet“, I counter with what is in virtually every ISP’sAUP for
> customers: Unauthorized port scanning is expressly prohibited.
Of course they don’t want their customers to do that.
(They might find out that the ISP is cooking with water…)
I’m not your customer, though.
> I strongly suspect that this is probably also a violation of the U.S.
> Computer Abuse and Fraud Act, which criminalizes anyone who “Intentionally
> accesses a computer without authorization or exceeds authorized access, and
> thereby obtains … information from any protected computer.” A great many VA
> plug-ins attempt to — and often do — extract information they’re not
> authorized to.
You would think so, but then it turns out the CFAA is not actually being
policed in the way you think it should be.
(The whole thing is a bit of a “soviet law" situation, where everyone is
routinely doing things that could theoretically be criminalized, but aren’t,
except when some thug is exceptionally interested in doing so and can thus
abuse the law to exert unreasonable power over you.)
So CFAA is more a case of us logical people trying to interpret a law that
clearly is not subject to applying logic.
In any case, I’d argue I’m concludently authorized by you having opened to my
access that port I’m probing — the computer simply isn’t “protected”.
.oOo.
I can understand very well that everyone here is allergic to the large-scale
scanners (most of which are done in a spectacularly stupid way) that are
loading our servers. That problem is not being solved by banning
well-thought-out academic research; you wouldn’t be able to note the difference
if that stopped.
(Oh, and, as a service, our ISP scans our ports and looks for vulns, which is a
good service so we don’t have to do this as much for systems set up by our
students.)
Grüße, Carsten
