Port scanning is an invasive activity. Port scanning is the process of checking to see if a network is available or not. Port scanning can also cause denial of service on a network if it is scanned long enough. The type of scans that are done are half scans, FIN scans, XMAS scans and other stealth scans that could be used to penetrate a firewall. The ports can be filtered, opened, or closed.
Cases have been attempted to convict people for doing port scans, but the courts have time and time again said as long as people are just scanning they are not committing a crime. The rules do vary from state to state. One of the more famous cases is Moulton vs VC3 where Scott Moulton, a owner and operator of a security company was trying to test the county’s 911 system for vulnerabilities and discovered VC3’s firewall. The judge after Scott explained it to him agreed that it was not a crime. That was in 2000.
But just because it is not illegal by the law does not mean that it is not invasive and uses computer and network resources. It has to send traffic to each port in order to discover if it is an open or closed port. Even if you are not receiving data or information from the ports you are getting information about the network and the company’s network and infrastructure. You are learning how secure or unsecure they are. You in some instincts learn what programs or equipment they may be using.
