[40510] in North American Network Operators' Group
Re: Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG? Solutions?
daemon@ATHENA.MIT.EDU (z@s0be.net)
Fri Aug 10 12:35:20 2001
Date: Fri, 10 Aug 2001 09:32:05 -0700 (PDT)
From: <z@s0be.net>
To: Etaoin Shrdlu <shrdlu@deaddrop.org>
Cc: <nanog@nanog.org>
In-Reply-To: <3B73A799.1B8FFF21@deaddrop.org>
Message-ID: <Pine.GSO.4.33.0108100915120.5292-100000@power.s0be.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 10 Aug 2001, Etaoin Shrdlu wrote ( sanitized by z@s0be.net ):
> z@s0be.net wrote:
>
> > I think an interesting solution to this problem, no matter how
> > unethical would be to write a program that leverages the vulnerability to
> > patch the infected machine. In fact, it surprises me that this hasn't
> > been done.
>
> It's illegal. Really. What's the difference between someone breaking into
> my machine and destroying stuff, and someone breaking into, say,
> x.x.x.x., and "fixing" it? None. It's illegal. And yes, I HATE the
> machine that is on the other end of that IP. It is apparently installed
> with either mandarin or cantonese, which means that it bothers me a LOT
> when it bothers me.
>
> It's a poorly configured win2k machine, with no proper reverse entry
> (although I know it belongs to OWNER_OF_x.x.x.x). Looking isn't
> illegal. I've even connected to his smtp server (but not bothered to send
> mail, since vrfy doesn't really guarantee that someone is there, and I have
> no evidence that he'd read email sent to administrator in any case). Sad,
> really.
>
> It's still illegal. Yes, it'd probably be a kindness. It's still illegal.
>
<--( SNIP )-->
Helu,
I'm in agreement that it is illegal as well, however it does
raise an interesting issue: Under what terms, if any, should various
parties whose infrastructure is under some form of attack be able to
defend themselves and what is the extent of that defense for a given
situation?
I think that due dilligence should be carried out in any situation, to
give someone the chance to stop ( in most situations ), but where do you
draw the line?
NOTE: I'm not exactly condoning counterattacks, but I think in certain
situations I could definitely justify it in my mind if someone were to
take that course of action after exhausting their options for resolving a
situation in which they are under some form of attack.
.z
