{"id":4768,"date":"2023-08-31T21:33:49","date_gmt":"2023-08-31T21:33:49","guid":{"rendered":"https:\/\/osintme.com\/?p=4768"},"modified":"2023-09-01T11:00:52","modified_gmt":"2023-09-01T11:00:52","slug":"resources-for-port-scanning-and-could-doing-it-land-you-in-prison","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2023\/08\/31\/resources-for-port-scanning-and-could-doing-it-land-you-in-prison\/","title":{"rendered":"Resources for port scanning &#8211; and could doing it land you in prison"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4768\" class=\"elementor elementor-4768\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4e7758c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4e7758c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fcd376d\" data-id=\"fcd376d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-58afc19 elementor-widget elementor-widget-heading\" data-id=\"58afc19\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">What are ports and what is port scanning?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-395f178 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"395f178\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-77edd31\" data-id=\"77edd31\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-13b140b elementor-widget elementor-widget-text-editor\" data-id=\"13b140b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Before getting into the proverbial weeds, let&#8217;s explain the basic concepts.<\/p><p><strong>Ports<\/strong> are nothing else but logical (not physical) communication gateways that allow the flow of information between two or more machines on a network.<\/p><p><strong>Port scanning<\/strong> &#8211; also sometimes referred to as network scanning &#8211; is a type of active reconnaissance used mainly by cybersecurity professionals to determine the level of a vulnerability of a given network.<\/p><p>Port scanning is conducted by sending series of messages from one computer to another, one message at the time to each port at the time.<\/p><p>The primary objective of port scanning is to identify what ports are enabled for the purpose of external communication and which are closed. Normally this is done by information security specialists who might switch off undesired communication channels by closing off unused ports.<\/p><p>For instance, a web server will always want to use ports 80 and 443 for HTTP \/ HTTPS communication essential for content delivery. On the other hand, Remote Desktop Protocol allowing remote control and access to other computers on port 3389 is not essential and should be closed for security reasons.<\/p><p>At the same time when infosec professionals are working to secure their systems, hackers scan those systems for vulnerabilities. Any benign security tool used for network security configuration can be a dangerous weapon when used by hackers for the opposite reason \u2013 network intrusion.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d240d87 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d240d87\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9b58a75\" data-id=\"9b58a75\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-31e397f elementor-widget elementor-widget-image\" data-id=\"31e397f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"589\" height=\"392\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/08\/Screenshot-from-2023-08-31-21-36-16.png?fit=589%2C392&amp;ssl=1\" class=\"attachment-large size-large wp-image-4770\" alt=\"nmap port scanning\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/08\/Screenshot-from-2023-08-31-21-36-16.png?w=589&amp;ssl=1 589w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/08\/Screenshot-from-2023-08-31-21-36-16.png?resize=300%2C200&amp;ssl=1 300w\" sizes=\"(max-width: 589px) 100vw, 589px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">.<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-597b4ec elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"597b4ec\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6ae8e1a\" data-id=\"6ae8e1a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1091344 elementor-widget elementor-widget-heading\" data-id=\"1091344\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Top 100 common ports<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a778231 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a778231\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5b7d4ce\" data-id=\"5b7d4ce\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dc0b83e elementor-widget elementor-widget-text-editor\" data-id=\"dc0b83e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Credit to <a href=\"https:\/\/networkverge.com\/\">NetworkVerge<\/a> for compiling this handy list of commonly used and known TCP and UDP ports, ready to be scanned:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2ae69e0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2ae69e0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6d64134\" data-id=\"6d64134\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3537aaf elementor-widget elementor-widget-image\" data-id=\"3537aaf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"683\" height=\"959\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/08\/Screenshot-from-2023-08-31-22-01-07.png?fit=683%2C959&amp;ssl=1\" class=\"attachment-large size-large wp-image-4774\" alt=\"common TCP and UDP ports\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/08\/Screenshot-from-2023-08-31-22-01-07.png?w=683&amp;ssl=1 683w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/08\/Screenshot-from-2023-08-31-22-01-07.png?resize=214%2C300&amp;ssl=1 214w\" sizes=\"(max-width: 683px) 100vw, 683px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4b0a3a8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4b0a3a8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ea171d4\" data-id=\"ea171d4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3893ae9 elementor-widget elementor-widget-heading\" data-id=\"3893ae9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Port scanning tools<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cebbc23 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cebbc23\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dd5d8df\" data-id=\"dd5d8df\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3d04bc5 elementor-widget elementor-widget-text-editor\" data-id=\"3d04bc5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>The most popular and recognised port scanners out there are <a href=\"https:\/\/nmap.org\/\">Nmap<\/a> and its GUI-friendly sibling <a href=\"https:\/\/nmap.org\/zenmap\/\">Zenmap<\/a>. Both of these are available in iterations compatible with every reasonably common operating system.<\/li><li>Another reliable tool is <a href=\"https:\/\/netcat.sourceforge.net\/\">Netcat<\/a>, a command line tool for Linux and MacOS.<\/li><li>If you prefer a nice, efficient and convenient GUI, you can try out Solarwinds&#8217; <a href=\"https:\/\/www.solarwinds.com\/engineers-toolset\/use-cases\/open-port-scanner\">Open Port Scanner<\/a> on a fully functional free demo &#8211; 14 days trial.<\/li><li>For rapid, web based light scans without the need to install anything or dabble in configuration, check out the <a href=\"https:\/\/pentest-tools.com\/network-vulnerability-scanning\/tcp-port-scanner-online-nmap\">TCP Port Scan<\/a> from Pentest-Tools.<\/li><li>There are many other custom built, less known but yet\u00a0 effective tools for port scanning &#8211; to mention some like <a href=\"https:\/\/github.com\/marco-lancini\/goscan\">GoScan<\/a>, <a href=\"https:\/\/github.com\/robertdavidgraham\/masscan\">Masscan<\/a>, <a href=\"https:\/\/github.com\/RustScan\/RustScan\">RustScan<\/a>, <a href=\"https:\/\/github.com\/projectdiscovery\/naabu\">Naabu<\/a> and many other <a href=\"https:\/\/github.com\/search?q=%22port+scan%22&amp;type=repositories\">repositories on Github<\/a>.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-821e67b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"821e67b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-63b7d3e\" data-id=\"63b7d3e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1b9b4cc elementor-widget elementor-widget-heading\" data-id=\"1b9b4cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">The legality of port scanning<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-84e898c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"84e898c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f2cfb59\" data-id=\"f2cfb59\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-388d3ef elementor-widget elementor-widget-text-editor\" data-id=\"388d3ef\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A port scan is not an attack on the scanned entity as it does not result in any detrimental effects. But from a legal standpoint it can be regarded as a malicious step in a whole sequence of events.<\/p><p>From a legal perspective (and retrospectively, for example during a trial) a port scan might signal an intention to commit a transgression that one can compare to ringing a doorbell at a house to see who is home, prior to committing a burglary.<\/p><p>Vulnerabilities can be detected as result of a port scan, which using our domestic crime analogy, might be similar to pulling at door handles to see are they locked or checking the windows for gaps where one can insert a prying implement.<\/p><p>Cases of criminal prosecution arising from port scanning are fairly rare,\u00a0but I discovered a couple of interesting ones through open source research:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d1ef60a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d1ef60a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-62c1a73\" data-id=\"62c1a73\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-97241b1 elementor-widget elementor-widget-text-editor\" data-id=\"97241b1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"http:\/\/www.internetlibrary.com\/pdf\/Moulton-VC3.pdf\">2000, US; Georgia District Court; Moulton v. VC3<\/a> \u2013 the defendant was an IT contractor tasked with installing an Internet connection between the 911 centre and a local police department. Moulton scanned the network on which the 911 system resided, and accidentally also scanned a Cherokee County web server owned by VC3, another IT company. He terminated the scan but VC3 reported the activity to the police stating that the scan was unauthorised and Moulton was arrested. The court ultimately ruled that no crime was committed.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-285838d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"285838d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-00906fb\" data-id=\"00906fb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2235c61 elementor-widget elementor-widget-text-editor\" data-id=\"2235c61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"http:\/\/abrahamtennenbaum.org\/2004\/02\/29\/the-state-of-israel-v-avi-mizrahi-case-no-3047-03-in-the-jerusalem-court\/\">2004, Israel; The State of Israel vs Avi Mizrahi<\/a> \u2013 The defendant was accused of conducting port scans on the website belonging to Mossad, the Israeli state intelligence agency. Mizrahi was charged with hacking offences but argued that he acted in the interest of public safety and that no intrusion took place. He was found not guilty.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cfc392a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cfc392a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-05c5aa1\" data-id=\"05c5aa1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-97a01cb elementor-widget elementor-widget-text-editor\" data-id=\"97a01cb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/www.zdnet.com\/article\/tsunami-web-site-hacking-trial-delayed\/\">2005, UK; Horseferry Road Magistrates Court; R v Daniel Cuthbert<\/a> \u2013 The defendant made an online donation to a tsunami relief charity website, but became concerned afterwards it may have been a phishing site (when he did not receive a confirmation email for his payment). He started off with port scanning and proceeded further, gaining access to the website. He was found guilty of unauthorised access and fined \u00a3400. Based on the available evidence it appears that the court did not take issue with port scanning as such, but with crossing the line between passive and active recoinnassance.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-31f559e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"31f559e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a9d93fe\" data-id=\"a9d93fe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0634e53 elementor-widget elementor-widget-text-editor\" data-id=\"0634e53\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/techmonitor.ai\/technology\/cybersecurity\/halifax-port-scans\">2015-2018, UK; The Halifax Scan<\/a> \u2013 after his initial discovery in 2015, an English cybersecurity researcher Paul Moore attempted to sue the Halifax Bank for scanning ports on the computers of anybody who visited the bank\u2019s website. He argued that port scans on website visitors\u2019 machines without their consent was a violation of the UK\u2019s Computer Misuse Act (CMA). The bank defended their actions stating they were standard security practices. No legal action took place as no malicious intent on behalf of the bank was established, despite the existence of conflicting legal opinions on the matter.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c526b88 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c526b88\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3691796\" data-id=\"3691796\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-df9b105 elementor-widget elementor-widget-text-editor\" data-id=\"df9b105\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2020\/05\/25\/did-you-know-ebay-is-probing-your-computer-heres-how-to-stop-it-windows-privacy-chrome-firefox-web-browser\/?sh=1e199d963a92\">2020, worldwide; eBay user scans<\/a> \u2013 a US based security researcher Charlie Belmer discovered that eBay conducts port scans on every user as part of their &#8220;security checks&#8221; called the activity \u201cclearly malicious\u201d and suggested it can be illicit. No legal action or an attempt of one has taken place so far.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1bd1b1f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1bd1b1f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d3aa9c4\" data-id=\"d3aa9c4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-864a873 elementor-widget elementor-widget-heading\" data-id=\"864a873\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Legal protections when conducting port scans<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d37d42d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d37d42d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fc2fb2f\" data-id=\"fc2fb2f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b23b6fc elementor-widget elementor-widget-text-editor\" data-id=\"b23b6fc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>I assume that most people reading this post will engage in port scanning for educational \/ network security purposes and not for any potentially illegal deeds. This is fine and there is nothing to worry about, especially if you bear in mind the following tenets of port scanning etiquette:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fa55de4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fa55de4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6466e78\" data-id=\"6466e78\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-504e459 elementor-widget elementor-widget-text-editor\" data-id=\"504e459\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>If you intend to scan ports on somebody\u2019s network, <strong>ask for permission<\/strong>. Explaining what you are doing and why will help you avoid any misunderstandings.<\/li><li>Contact the network administrator directly and inform them, especially if you intend to conduct lengthy or intense scans. If not notified, somebody whose day to day job is to secure and maintain a network might perceive your actions as an intrusion attempt.<\/li><li>Narrow down your searches and focus on specific subjects of your scan. Aimlessly scanning all the 65.536 TCP ports on every machine on a network is not only counterproductive but also questionable.<\/li><li>If scanning ports for any purpose other that a professional vulnerability scan while on a work or university network, remember that you might attract the attention of a local administrator. While no legal consequences might await you, you can still be sanctioned or even banned for breaching the acceptable use policy.<\/li><li>Before running scans from your home network, get familiar with the ISPs policy of fair usage. Nothing hurts an infosec or a pentesting enthusiast like a sudden, unexplained shutdown of the Internet connection.<\/li><li>And finally, if conducting any type of a professional assignment or assessment, make sure you have signed a contract that stipulates the dos and don\u2019ts. As it is always the case, once you operate within contractual boundaries, there is no liability and no legal threat.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Port scanning can be risky when not done right &#8211; so here is what to pay attention to if you want to avoid getting in trouble.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[18],"tags":[29,58,122,164,15],"class_list":["post-4768","post","type-post","status-publish","format-standard","hentry","category-digital-privacy-security","tag-links","tag-opsec","tag-pentesting","tag-ports","tag-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/4768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/comments?post=4768"}],"version-history":[{"count":16,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/4768\/revisions"}],"predecessor-version":[{"id":4786,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/4768\/revisions\/4786"}],"wp:attachment":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/media?parent=4768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/categories?post=4768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/tags?post=4768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}