May 11, 2021

Is Nmaping/port scanning illegal?

Home Forums Is Nmaping/port scanning illegal?

This topic contains 1 reply, has 2 voices, and was last updated by  Dump-ster-Fire 2 weeks, 6 days ago.

  • Author
    Posts
  • #385555

    anonymous
    Participant

    I’ve seen a lot of post about people saying they’ve done their first ever nmap/port scanning session and talked about what they did and found and what not. I understand this is kind of like the first step into hacking so I was wondering if that’s why so many people make a post about it.

    I’m new and havent done anything like that yet but have been thinking of doing one soon but I just wanted to ask if it was illegal cuz I’ve seen a few different answers to this question. Thanks!

  • #385556

    Dump-ster-Fire

    Interesting question.
    ALMOST no, but slightly more complex as legal things almost always are.

    [https://www.calyptix.com/top-threats/port-scanning-legal-answers-companies/](https://www.calyptix.com/top-threats/port-scanning-legal-answers-companies/)

  • #385557

    jrosend963

    ### Inappropriate Usage

    Because of the slight risk of crashes and because a few black hats like to use Nmap for reconnaissance prior to attacking systems, there are administrators who become upset and may complain when their system is scanned. Thus, it is often advisable to request permission before doing even a light scan of a network.

    Nmap should never be installed with special privileges (e.g. suid root). That would open up a major security vulnerability as other users on the system (or attackers) could use it for privilege escalation.

    Nmap is not designed, manufactured, or intended for use in hazardous environments requiring fail- safe performance where the failure of the software could lead directly to death, personal injury, or significant physical or environmental damage.

  • #385558

    BeanBagKing

    As /u/Dump-ster-Fire said. More importantly, don’t do anything without authorization. You can setup your own home lab with VM’s to play with, stand up Amazon EC2 instances, which no longer require pentest authorization forms (do read the ToS regarding denial of service and other things though), or use a site that allows it (some CTF/labs, and http://scanme.nmap.org/)

  • #385559

    399ddf95

    It depends on where you are and where the computers being scanned are.

    As a general rule, it’s not illegal but some easily offended system/network administrators can get upset if you do it.

    If you want to learn, set up your own lab environment and scan your own machines, so you can see what the scans look like from the perspective of the machine that scans and the machine that’s being scanned.

  • #385560

    rocket___goblin

    its more of a grey area, because it can be intrusive. granted you probably wont immediately get arrested and hauled off to jail for a scan, but you will probably receive a nasty letter in the mail asking you to stop or legal actions will be taken.

  • #385561

    blackbeardaegis

    No

You must be logged in to reply to this topic.