[Dshield] Question on appropriate university research

Fixer fixer at gci.net
Thu Sep 20 15:22:12 GMT 2007

Actually, filing a criminal complaint might not be out of the question
(though I seriously doubt any prosecutor would bother).
Different states in the US have different interpretations of what
constitutes "unlawful access" to a system.  In some states all
you need to do is "connect" to a machine.  In theory that could mean
just completing the 3-way handshake, or possibly even just
a SYN packet. Like I said I doubt any prosecutor in his/her right mind
would bother trying, but it is conceivable.

As to a civil suit, there's no way.  There was a case in Georgia
(Moulton v VC3) that dealt with just this issue.  The court
determined that since no damage was done and there was no interruption
in service that the liability just wasn't there.

Dotzero wrote:
> On 9/19/07, Brad Tilley <brad.tilley at vt.edu> wrote:
>>> Lastly, if you feel that strongly then file a civil suit.
>> And what exactly are the *damages* from the port scan. They can't just
>> sue b/c of the port scan. They would have to demonstrate and quantify
>> the damages caused by that scan. If they cannot do that... they can't sue.
> And that is the point. If it isn't going to be prosecuted in a
> criminal action and you can show a quantifiable tort for a civil
> action..... then what exactly are "you" doing.
> Much ado about nothing.......
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> SANS top instructors.  http://www.sans.org/info/9346

More information about the list mailing list