Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Using nmap as an ISP troubleshooting tool?
From: kx <kxmail () gmail com>
Date: Tue, 21 Mar 2006 02:37:31 -0500

I am not a lawyer, and you should consult a lawyer familiar with legal
precedents set in these murky waters.  I will caveat all of the
following with, I am a grad student and only casually acquainted with
these topics. If you don't get helpful answers here, you might try
NANOG.

-- begin musings --

I think the biggest thing you will run into with management is their
philosophy on responsibility for the hosts on their networks.  From my
understanding there is still a lot of grey area, but it falls into two
concepts:

Courts will hold ISPs responsible for the malicious traffic and hosts
on their network, so ISPs should be proactive and police their
networks.

Courts will not hold ISPs responsible as they are neutral service
providers.   There is a certain precedent for this as lots of law
suits against gun makers to hold them responsible for crimes committed
while using a firearm have lost or been dismissed.

I believe many network providers feel that if they regularly policed
their networks, it would set a precedent that they were being
responsible for hosts on their network and as such should be held
responsible, which is something they don't want.

In turn, would using nmap, a security auditing tool on your network be
construed as taking responsibility? I don't know, but definitely
consult a lawyer.

As for law that prohibits port scanning, so far the precedence says
no, but private "researchers" should be careful as computer crime
statutes vary widely.  Some references here:

http://seclists.org/lists/nmap-hackers/2003/Oct-Dec/0007.html

This gives you links to various state laws on computer crimes in general:

http://www.ncsl.org/programs/lis/cip/hacklaw.htm

However, as you are the ISP, you might have a huge open door on the
typical "authorized access" clauses. Especially if you state that such
tools will be used to troubleshoot network conditions in your Terms of
Service. Because it is benign and provides a value added to the
customer, I believe any judge would feel it was a enforceable
contract.

If you run a small ISP, would p0f help you catalogue and database your hosts?

What about considering a host based tool? Comcast and Verizon both
encourage the install of their "Help Desk" programs.  It is generally
Windows only and is not required to get online, but it might be an
option. I personally hate it, but it might fit your needs/business
model.

I hope that gets you thinking and hopefully you will hear some good
replies back from some operators on this list.

Cheers,
   kx


On 3/21/06, Simon <simon.xhz () gmail com> wrote:
Hi there,
 I'm new to this list, I've used nmap for about 5 years.  I'm not an
expert, I'm just a techie guy working for an ISP.  Not sure if this is
the right mailing list, but I'm wondering about a specific usage of
nmap.

 One of the main problems we have to face is the identification of
the client's OS and to know if there is a firewall or not, and if
possible to know what kind of firewall.  The main problem arise when
the client himself doesn't know what's installed on the machine or
when there is a language barrier that slows our work (for example
somebody that doesn't speak english well).

 I figured it could be great to start nmap on the client's PC (with
his verbal agreement to this) so we can gather more information from
nmap.  I'm sure it could really help in many situations and even if it
takes a minute to gather all the information,  but we could trigger
nmap at the beggining of our call with the client.

 I was wondering what are the key aspects in using nmap from a call
center, on the internal security perspective and on the
business-to-client relationship.  What would be the key words to use
to convince our management to allow us to use such a tool (or to make
a simplified interface that does the hard job with nmap)?  Is there
anything in the law that prevents this kind of usage, probably company
policies would be a barrier too... but what else?

If you have any ideas, please send them in!

Thanks,
 Simon


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]