Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG? Solutions?

Fri Aug 10 16:32:05 UTC 2001

On Fri, 10 Aug 2001, Etaoin Shrdlu wrote ( sanitized by z at s0be.net ):

> z at s0be.net wrote:
>
> >    I think an interesting solution to this problem, no matter how
> > unethical  would be to write a program that leverages the vulnerability to
> > patch the infected machine.    In fact, it surprises me that this hasn't
> > been done.
>
> It's illegal. Really. What's the difference between someone breaking into
> my machine and destroying stuff, and someone breaking into, say,
> x.x.x.x., and "fixing" it? None. It's illegal. And yes, I HATE the
> machine that is on the other end of that IP. It is apparently installed
> with either mandarin or cantonese, which means that it bothers me a LOT
> when it bothers me.
>
> It's a poorly configured win2k machine, with no proper reverse entry
> (although I know it belongs to OWNER_OF_x.x.x.x). Looking isn't
> illegal. I've even connected to his smtp server (but not bothered to send
> mail, since vrfy doesn't really guarantee that someone is there, and I have
> no evidence that he'd read email sent to administrator in any case). Sad,
> really.
>
> It's still illegal. Yes, it'd probably be a kindness. It's still illegal.
>

<--( SNIP )-->

Helu,

   I'm in agreement that it is illegal as well, however it does
raise an interesting issue:   Under what terms, if any, should various
parties whose infrastructure is under some form of attack be able to
defend themselves and what is the extent of that defense for a given
situation?

  I think that due dilligence should be carried out in any situation, to
give someone the chance to stop ( in most situations ), but where do you
draw the line?

  NOTE:  I'm not exactly condoning counterattacks, but I think in certain
situations I could definitely justify it in my mind if someone were to
take that course of action after exhausting their options for resolving a
situation in which they are under some form of attack.

.z