how to deal with port scan and brute force attack from AS 8075 ?
owen at delong.com
Mon Apr 11 18:18:43 UTC 2016
> On Apr 7, 2016, at 07:41 , William Herrin <bill at herrin.us> wrote:
> On Thu, Mar 31, 2016 at 5:36 AM, Bacon Zombie <baconzombie at gmail.com> wrote:
>> I would ignore the portscans since there is nothing wrong with portscanning
>> the Internet.
> You might want to check with your lawyer on that. If you
> _intentionally_ port-scan a computer located in Virginia without the
> owner's permission (and do nothing else, just port-scan it) it's a
> class 3 misdemeanor under 18.2-152.1, et seq. That's up to a $500 fine
> for each computer you scan. By comparison, shoplifting is a class 1
> misdemeanor while possession of a schedule V narcotic is another class
I think you’re on shaky ground here.
Any person who uses a computer or computer network, without authority and:
1. Obtains property or services by false pretenses;
2. Embezzles or commits larceny; or
3. Converts the property of another;
is guilty of the crime of computer fraud.
If the value of the property or services obtained is $200 or more, the crime of computer fraud shall be punishable as a Class 5 felony. Where the value of the property or services obtained is less than $200, the crime of computer fraud shall be punishable as a Class 1 misdemeanor.
The requirements here are to meet at least one of the 3 tests listed.
I think it’s rather hard to claim that a portscan by itself “obtained property or services by false pretenses”.
I think it’s even harder to claim that it constitutes “embezzling” or “larceny”.
I also think you’d have a tough time arguing that eliciting a response packet to one or more packets actually constitutes conversion of property.
So I don’t see how you’d make much of a case for a port-scan being a violation of 18.2-152.1 et seq.
I think the argument, rather easily, could be made that a port-scan is the internet equivalent of a door-knock. By itself, it doesn’t constitute unlawful entry. Now, a persistent door-knock might constitute some form of harassment and frequent or continuous port-scans could be argued to be a form of denial of service (which would constitute conversion), but the odd port-scan is unlikely to meet the tests under the law you cited.
> A key word here is "intentionally." Poking at it by mistake (e.g. you
> thought it was a different computer which you had the authority to
> scan) is not a crime. Nor, most likely, is less aggressive behavior
> which would not ordinarily be part of gaining unauthorized access,
> such as pinging or tracerouting.
I could be wrong, IANAL, but I’d be surprised if a mere portscan would actually be treated as a violation for the reasons cited above.
> Not that I've ever heard of someone being fined but you're definitely
> into "something wrong" territory.
I don’t think you’ve made your case for “definite” so far. I agree you might be at risk from an overzealous prosecutor and an activist judge that hates hackers for some reason, but short of that, I think you’re unlikely to run afoul of this statute just on a port scan.