North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG? Solutions?
On Fri, 10 Aug 2001, Etaoin Shrdlu wrote ( sanitized by [email protected] ): > [email protected] wrote: > > > I think an interesting solution to this problem, no matter how > > unethical would be to write a program that leverages the vulnerability to > > patch the infected machine. In fact, it surprises me that this hasn't > > been done. > > It's illegal. Really. What's the difference between someone breaking into > my machine and destroying stuff, and someone breaking into, say, > x.x.x.x., and "fixing" it? None. It's illegal. And yes, I HATE the > machine that is on the other end of that IP. It is apparently installed > with either mandarin or cantonese, which means that it bothers me a LOT > when it bothers me. > > It's a poorly configured win2k machine, with no proper reverse entry > (although I know it belongs to OWNER_OF_x.x.x.x). Looking isn't > illegal. I've even connected to his smtp server (but not bothered to send > mail, since vrfy doesn't really guarantee that someone is there, and I have > no evidence that he'd read email sent to administrator in any case). Sad, > really. > > It's still illegal. Yes, it'd probably be a kindness. It's still illegal. > <--( SNIP )--> Helu, I'm in agreement that it is illegal as well, however it does raise an interesting issue: Under what terms, if any, should various parties whose infrastructure is under some form of attack be able to defend themselves and what is the extent of that defense for a given situation? I think that due dilligence should be carried out in any situation, to give someone the chance to stop ( in most situations ), but where do you draw the line? NOTE: I'm not exactly condoning counterattacks, but I think in certain situations I could definitely justify it in my mind if someone were to take that course of action after exhausting their options for resolving a situation in which they are under some form of attack. .z