To explain why port scanning may be illegal in some countries, it is first crucial to understand what port scanning does and where it may be applied. A port is similar to an Internet Protocol (IP) address. An IP address identifies a computer on a network, and it works much like a person’s home address. Its primary purpose is to identify the host machine sending out data packet requests so that the responding packets can be returned to that host machine. A port works in a similar fashion, with one difference: instead of identifying the computer, it identifies the specific application on the host machine that initiated the requests, so that the corresponding data is returned to that specific application. As a real-world analogy, the IP address is a business plaza’s main mailbox, which identifies the plaza to the mail carriers, whereas the ports identify each individual business by its suite number.

With that said, keep in mind that ports are used by all operating systems and applications. Therefore, every time we use an application on our machine, we are liable to open new ports on the system. Leaving too many ports open, especially ports that are known to be unsafe or have been exploited in the past, could lead to significant security risks. Security professionals know this, and so do people with malicious intentions.

For that very reason, unless one needs to perform a contractually obligated penetration test for a client company, it is generally not a good idea to perform a port scan on a remote server. Although there are no federal or state laws forbidding this practice, performing unauthorized scanning could lead to civil disputes. If it has affected someone’s business operation, it could lead to very hefty court-ordered restitution or to a very large amount in regulatory fines.
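The open-port risk described above can be reviewed on a machine you administer, with no scan of anyone else's server. The following Python is an added example, not part of the original article: it parses the Linux `/proc/net/tcp` socket table (a constructed sample is embedded) and reports which ports are listening and whether they are bound beyond loopback; the `REVIEW_PORTS` list and the function names are illustrative assumptions.

```python
import socket
import struct

# Constructed sample in the Linux /proc/net/tcp layout (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 20002 1
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 20004 1
"""

TCP_LISTEN = "0A"  # kernel state code for a socket waiting for connections

# Assumption for illustration: services worth a second look when listening.
REVIEW_PORTS = {21: "FTP", 23: "Telnet", 445: "SMB", 3389: "RDP"}


def parse_listeners(table):
    """Return sorted (port, ip) pairs for IPv4 sockets in LISTEN state."""
    listeners = set()
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                             # established, closing, etc.
        ip_hex, port_hex = fields[1].split(":")
        # Address is a host-order 32-bit hex value; little-endian host assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        listeners.add((int(port_hex, 16), ip))
    return sorted(listeners)


def audit(table, review_ports=REVIEW_PORTS):
    """Return (port, ip, bound_beyond_loopback, note) for every listener."""
    report = []
    for port, ip in parse_listeners(table):
        exposed = not ip.startswith("127.")      # loopback stays on the machine
        report.append((port, ip, exposed, review_ports.get(port)))
    return report


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:        # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP              # fall back to the sample
    for port, ip, exposed, note in audit(table):
        scope = "non-loopback" if exposed else "loopback only"
        print(f"{port:>5}  {ip:<15}  {scope:<13}  {note or ''}")
```

IPv6 listeners appear in `/proc/net/tcp6` with 128-bit addresses, which this example does not parse.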