[40510] in North American Network Operators' Group


Re: Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG? Solutions?

daemon@ATHENA.MIT.EDU (z@s0be.net)
Fri Aug 10 12:35:20 2001

Date: Fri, 10 Aug 2001 09:32:05 -0700 (PDT)
From: <z@s0be.net>
To: Etaoin Shrdlu <shrdlu@deaddrop.org>
Cc: <nanog@nanog.org>
In-Reply-To: <3B73A799.1B8FFF21@deaddrop.org>
Message-ID: <Pine.GSO.4.33.0108100915120.5292-100000@power.s0be.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu




On Fri, 10 Aug 2001, Etaoin Shrdlu wrote ( sanitized by z@s0be.net ):

> z@s0be.net wrote:
>
> > I think an interesting solution to this problem, no matter how
> > unethical, would be to write a program that leverages the vulnerability to
> > patch the infected machine. In fact, it surprises me that this hasn't
> > been done.
>
> It's illegal. Really. What's the difference between someone breaking into
> my machine and destroying stuff, and someone breaking into, say,
> x.x.x.x., and "fixing" it? None. It's illegal. And yes, I HATE the
> machine that is on the other end of that IP. It is apparently installed
> with either Mandarin or Cantonese, which means that it bothers me a LOT
> when it bothers me.
>
> It's a poorly configured win2k machine, with no proper reverse entry
> (although I know it belongs to OWNER_OF_x.x.x.x). Looking isn't
> illegal. I've even connected to his smtp server (but not bothered to send
> mail, since vrfy doesn't really guarantee that someone is there, and I have
> no evidence that he'd read email sent to administrator in any case). Sad,
> really.
>
> It's still illegal. Yes, it'd probably be a kindness. It's still illegal.
>


<--( SNIP )-->

Helu,

   I'm in agreement that it is illegal as well, however it does
raise an interesting issue:   Under what terms, if any, should various
parties whose infrastructure is under some form of attack be able to
defend themselves and what is the extent of that defense for a given
situation?

  I think that due diligence should be carried out in any situation, to
give someone the chance to stop ( in most situations ), but where do you
draw the line?

  NOTE:  I'm not exactly condoning counterattacks, but I think in certain
situations I could definitely justify it in my mind if someone were to
take that course of action after exhausting their options for resolving a
situation in which they are under some form of attack.



.z




