North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Huge smurf attack

  • From: Dalvenjah FoxFire
  • Date: Tue Jan 12 17:34:47 1999

On Tue, Jan 12, 1999 at 03:06:58PM -0500, Dean Anderson put this into my mailbox:

> Criminal.   DOS attacks are covered by 18 USC 1030.  And I think there
> might even be smurf included in the Kevin Mitnick case, but I'm not sure
> about that.

Right; that stuff applies to *directly causing* the attack though (e.g.
hacking root on a colocated linux box and typing ./smurf
I'm talking about filing some sort of legal action against the intermediaries
(smurf relays) who get used by the cracker during the smurf; IANAL, but
I would presume if you could show negligence in not being vigilant about
security, and then do something showing that they indirectly caused you
damage, you could get some sort of action taken against the relays.

Right now there's no consequence for ignoring hacked boxes and/or
misconfigured routers (smurf relays); every now and then when I mail the
contacts one person or other sends me mail back threatening to sue me for
threatening them and all sorts of other cruft (fortunately, this has been
a reasonably uninvolved person who was on one of the contact addresses, and
the person who actually fixed the routers was happy to do so and did so at
my request.). It would be nice to be able to explain to this person with
certainty that if it came to a court battle, I would have a better case than
he did and be able to cite precedents. In that case, I would also most
likely be able to talk to this person's legal department and they would
taking care of the situation (including the mis-clued person who thinks I'm
in the wrong).


 Dalvenjah FoxFire (aka Sven Nielsen) "Every time he hits the 20 hour mark he
 Founder, the DALnet IRC Network       becomes Mr. Potato Head!"
 e-mail: [email protected]             WWW:
 whois: SN90                           Try DALnet!