[1] The majority of uses of a port scan are not attacks, but rather simple probes to determine services available on a remote machine.
The latter is typically used to search for a specific service, for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.
This method is "noisy", particularly if it is a "portsweep": the services can log the sender IP address and intrusion detection systems can raise an alarm.
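The portsweep pattern described above, seen from the detection side, as an added example that is not part of the original article: it flags any source that contacts many distinct hosts on the same port within a short time window. The log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample connection log: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_LOG = """\
100.0 203.0.113.7 10.0.0.1 1433
101.5 203.0.113.7 10.0.0.2 1433
102.0 10.0.0.50 10.0.0.1 1433
103.0 203.0.113.7 10.0.0.3 1433
104.2 203.0.113.7 10.0.0.4 1433
105.0 10.0.0.50 10.0.0.1 1433
106.1 203.0.113.7 10.0.0.5 1433
110.0 10.0.0.50 10.0.0.1 1433
200.0 198.51.100.9 10.0.0.1 1433
400.0 198.51.100.9 10.0.0.2 1433
600.0 198.51.100.9 10.0.0.3 1433
800.0 198.51.100.9 10.0.0.4 1433
1000.0 198.51.100.9 10.0.0.5 1433
garbage line
"""

def parse(log):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        ts, src, dst, port = parts
        yield float(ts), src, dst, int(port)

def detect_sweeps(events, min_hosts=5, window=60.0):
    """Map (src, port) to the hosts hit when a source reaches at least
    min_hosts distinct destinations on one port within `window` seconds."""
    by_key = defaultdict(list)
    for ts, src, dst, port in events:
        by_key[(src, port)].append((ts, dst))
    alerts = {}
    for key, hits in by_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {dst for _, dst in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[key] = sorted(hosts)
                break
    return alerts
```

In the sample, the client that reconnects to a single database host is not flagged, and the slow source at 198.51.100.9 escapes the 60-second window, which is why the window length matters as much as the host threshold.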
Rather than using the operating system's network functions, the port scanner generates raw IP packets itself, and monitors for responses.
[4] An alternative approach is to send application-specific UDP packets, hoping to generate an application layer response.
[6] Rarely used because of its outdated nature, window scanning is fairly untrustworthy in determining whether a port is opened or closed.
Using this scanning technique with systems that no longer support this implementation returns 0's for the window field, labeling open ports as closed.
[6] Many Internet service providers restrict their customers' ability to perform port scans to destinations outside of their home networks.
[9][10] Some ISPs implement packet filters or transparent proxies that prevent outgoing service requests to certain ports.
Such behavior can compromise the security of a network and the computers therein, resulting in the loss or exposure of sensitive information and the ability to do work.
But a port scan is often viewed as a first step for an attack, and is therefore taken seriously because it can disclose much sensitive information about the host.
[12] Because of the inherently open and decentralized architecture of the Internet, lawmakers have struggled since its creation to define legal boundaries that permit effective prosecution of cybercriminals.
Cases involving port scanning activities are an example of the difficulties encountered in judging violations.
Although these cases are rare, most of the time the legal process involves proving that an intent to commit a break-in or unauthorized access existed, rather than just the performance of a port scan.
On April 9, 2003, he was convicted of the charge by the Supreme Court of Finland and ordered to pay US$12,000 for the expense of the forensic analysis made by the bank.
[14] In 2006, the UK Parliament voted an amendment to the Computer Misuse Act 1990 such that a person is guilty of an offence who "makes, adapts, supplies or offers to supply any article knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3 [of the CMA]".
At this time, his IT service company had an ongoing contract with Cherokee County of Georgia to maintain and upgrade the 911 center security.
He was acquitted in 2000, with Judge Thomas Thrash ruling in Moulton v. VC3 (N.D. Ga. 2000)[18] that there was no damage impairing the integrity and availability of the network.