North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Netgate.net.nz/ORBS spam colusion
Hmm, what does mean _PROBE? If my Unix open TCP connection with You windows, it does not mean I probe YOUR property; this deal concern this twoi OS only... I do not think anyone except may be Americal lawers (ORBS are out of their scope) can accuse them; they only run some anty-relkaying system, not more... It looks like Y2K problem. Don't be too paranoyed about them; block them if they bother you, and forget this problem. Even if some lawers can open the suite, it's 100% useless. On Sat, 8 Jan 2000, Dean Anderson wrote: > Date: Sat, 08 Jan 2000 17:30:15 -0500 > From: Dean Anderson <[email protected]> > To: Owen DeLong <[email protected]>, [email protected], [email protected] > Cc: [email protected] > Subject: Re: Netgate.net.nz/ORBS spam colusion > > > Around 08:14 AM 1/8/2000 -0800, rumor has it that Owen DeLong said: > > > > > >However, I must question whether the activity Dean discusses is actually > >criminal. He does not accuse them of carrying out the attacks, he > >accuses them of transporting information published by a third party > >which notifies the world that his site is vulnerable to these attacks. > > Umm, for the record, I do make such an accusation. When they probe a > non-public government computer, they are violating 18 USC 1030 Sections > 2(b), 2(c), and 3. Those are criminal violations. You simply may not > probe government computers. Doing so is immediately a crime. The $5000 > limit is only for non-government computers. > > Then they do other things, some of which are criminal (fraud is criminal), > and some of which may not be. > > >Since Dean has published information to NANOG and other public forums > >stating that: > > 1. His sites _ARE_ vulnerable. > > My customer shell servers' telnet sessions are vulnerable to password > theft, and password guessing. So are yours. So what? > > > 2. He has no willingness to fix these vulnerabilities. > > There isn't anyway to fix them. There may be a protocol extension in the > future, but its not here yet. I've been through this with 50 people in the > last 6 months. That doesn't permit others to exploit them. > > > 3. He intends to make the internet at large responsible > > for his negligence WRT these sites. > > We have no negligence. And we do not hold the internet at large > responsible. Just those that exploit protocol vulnerabilites, and those who > assist with the exploitation. If your customer commits crimes, and you > don't do anything about it after complaints are made, I expect that you > bear responsibility and liability. > > >I seriously doubt that publishing a list of known public-nuissances > >is genuinely illegal. Further, unless Dean has presented netgate > >with a court-order showing that the court has indeed found said > >activity to be illegal, I think they would be negligent in turning > >off said service. > > So publishing a list of sites which have vulnerabilities detected by SATAN > scans wouldn't be illegal? Thats what you are saying. > > As far as court orders go, the point of this discussion is to make sure we > have exhausted all non-litiguous options. > > >How would you like it if your ISP shut you down because I > >complained to them that you were sending out messages that > >contained information that was publicly available, but which > >I didn't want published? That's what Dean's really saying. > > No, its not what I'm saying. Would you object if I published a list of > your servers which could be broken into, and said that it was OK with you > to break into those systems? I think you would. > > But if you wouldn't mind, I'll be happy to have your permission to scan > your net with SATAN and publish a web page for the script kiddies. What > was that? You don't give me permission? I didn't think so. > > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > Plain Aviation, Inc [email protected] > LAN/WAN/UNIX/NT/TCPIP http://www.av8.com > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
|