IKE/IPsec connection attempt -Is this legal?

Question

I manage IT for a small school. We have an IPSec tunnel up between two sites.

This morning I saw alerts that showed some unknown IP was attempting to negotiate an IPSec/IKE session with my firewall. In fact, it was happening independently at both sites originating from the same public IP. A whois on the IP showed it resolves to a major US University. I assumed it was a bored college student and didn't think much of it, but called the University's Abuse number anyway and left them a message.

I received a return call from an InfoSec guy at the college within 5 minutes, but to my surprise he told me their "engineering school" was performing some "research" on "IPSec and IKE..." He said I could send an email to open a ticket to request that my IP ranges were omitted from further "testing."

This seems like a really strange thing for a Ivy League school on the other coast to be doing to my network in Seattle. Is it legal?

For legal questions please use law.stackexchange.com. Chances are that you only get some more or less informed opinions here but no real expertise. — Steffen Ullrich, Oct 25 '16 at 19:59
I try to figure out what a "Ivy League" school is. Are schools rated by what league their sports teams play in? — Dog eat cat world, Oct 26 '16 at 13:05

RedBullNinja · Answer 1 · 2016-10-25T20:05:43.100

0

You need to read up on the state laws that govern computer activity.

By the sounds of things they were attempting to gain access to your network without permission. I'm not a legal expert but it sounds to me that it's not legal.

One could argue that what they are doing is legal because they did not actually gain access unauthorized access to your network. However it's my opinion that they shouldn't be trying, successful or otherwise.

Maybe you should try and get more information on what exactly it was that they were 'testing'?

edited Oct 25 '16 at 20:05

answered Oct 25 '16 at 19:57

RedBullNinja

534
2
5

CFAA only applies to "protected computers" which is limited to computers involved in financial institutions or those involved in interstate commerce. I think the OP is going to need to look at state/local laws. – John Wu Oct 25 '16 at 20:01
I'm inclined to agree. I can't seem to find much information on US hacking laws for some reason. – RedBullNinja Oct 25 '16 at 20:04
To be clear, I'm not considering taking legal action or anything like that. It just seems odd and I was curious what the InfoSec folks would think of it. Just opening a dialogue since I don't have any peers at work to bounce ideas off of. – Tedwin Oct 25 '16 at 20:20

IKE/IPsec connection attempt -Is this legal?

1 Answers1