Network and Port Scanning is An Offence

by Annie Yu

Scanning the University network or the ports on the network is a normal exercise carried out by any network administrator. However, if it is performed without prior approval, it is considered as an offence. It will be disastrous if such activities are adopted by hackers who will make use of the University or external facilities to search for vulnerable systems within the University network or other sites as break-in targets. In fact, a number of incidents had occurred in the past whereby complaints had been received from other Internet sites. In one particular case, the children of a University staff had engaged in similar activities using the staff's PC. Although some of these cases were not intentional, nevertheless, they posed serious threats to the University network as well as the privacy of others, which immediately prompted the Information Systems Advisory Committee to take actions.

In mid February 2000, the network/port scanning policy was established and enforced by the Computing Services Centre (CSC) to take disciplinary actions if 'unusual' or 'unauthorised' network or port scanning on either the University network or sites outside the University has been detected. Depending on the type of users, the responsible parties are penalised accordingly:

  1. If a staff member is found performing unauthorised network and port scanning activities, for the first time, he/she will be warned and his/her department head will be informed. Further offences will be reported to the Human Resources Office for action.

  2. If a student is found performing unauthorised network or port scanning activities, for the first time, he/she will be either warned (by e-mail or in person) or his/her computer account(s) suspended for one week. His/her department will also be notified. On the second offence, his/her computer account will be suspended for a month. Further offences thereafter will be reported to the Student Disciplinary Committee for action.

  3. The network administer of a department is allowed to scan the systems within the department subject to the approval from the department head and prior notification in writing to the CSC.

Sad to say, after implementation of the network/port scanning policy, unauthorised scanning activities still exist especially in the modem pool. Gathered from the logged events detected by gateway routers maintained by the CSC, there were still students who violated the policy and were subsequently penalised for their actions. However, during the investigation, it was found that some scanning activities might have been performed by anonymous hackers using trojan horses such as NetBus and Back Orifice via compromised PCs of the students. Unfortunately, the students concerned were still liable to the outcome of such scanning activities since they are owners of the originating PCs. To avoid this situation from happening, it is important to bear the following in mind:

  1. Protect your account/password well and change your account password frequently

  2. Do not download/run unknown programs from the Internet

  3. Use updated personal firewall or equivalent programs to protect your PC

  4. Ask for help if you find that your PC behaves strangely

  5. Format your hard disk and re-install the system with care, if necessary or in doubt

  6. Refrain from lending your PC to others

In order to maintain a healthy computing environment, it is important that each and every one of us should follow the rules and policies set out by the University.