Firewall Wizards mailing list archives
RE: Botnets, IRC servers and firewalls?
From: "Mike McNutt" <mike.mcnutt () aqssys com>
Date: Thu, 5 Feb 2004 12:00:07 -0600
You own a car. Day after day, you drive your car to work and routinely lock your car doors. One day a thief steals your car, crashes it in a hit and run... people are injured. Do you share blame in the injuries of those people? Same scenario... only today you didn't lock you car because <insert plausible excuse/reason here>. Thief steals your car that isn't locked, crashes it in a hit and run, people get injured. Do you share blame in the injuries of those people? Not locking a car *may* be irresponsible, but to my knowledge it isn't illegal. Making a law that says cars must remain locked at all times to thwart car thieves would be oppresive IMO - because now [decent] people could be considered criminals that may not lock their car for <insert plausible excuse/reason here> ... How different is it for a computer that isn't "locked down"? It doesn't make sense to me that we should we go down the path of considering people criminals because they do not (or cannot) lock down their computers. I like the energy being expended on fixing the vulnerabilities and finding the hackers, but not oppressing normal people for their [lack of] computer knowledge. -----Original Message----- From: Marcus J. Ranum [mailto:mjr () ranum com] Sent: Thursday, February 05, 2004 10:13 AM To: Gadi Evron; Paul Robertson Cc: Gadi Evron; mlh () zipworld com au; Matt Bazan; firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Botnets, IRC servers and firewalls? Gadi Evron wrote:
A user that runs an un-protected machine, or anyone for that matter, can be used to DDoS, spam, bounce hackers, commit frauds, etc. Who should be held liable for actions committed from that machine? Is this "the Trojan horse defense" again?
What I think is confusing this issue is that most people aren't comfortable with the concept that there's plenty of blame to go around. We want it to all land on one party. But that might not be the case. Legal philosophers would talk about this in terms of liability, moral philosophers in terms of responsibility. The end result is pretty much the same. No, you cannot give the user 100% of the blame if a hacker uses their unsecured machine to attack someone else. After all, if the hacker hadn't abused the machine, nothing bad would have happened. Indeed, blaming the victim is not a particularly acceptable answer, from a moral standpoint - and in the example above the user is also a victim. So you may have several parties who bear some responsibility, and you may have several parties who suffer varying degrees of damage. Legal systems are pretty used to dealing with these things - they just take time to catch up. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Botnets, IRC servers and firewalls?, (continued)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Stephen P. Berry (Feb 21)
- Re: Botnets, IRC servers and firewalls? R. DuFresne (Feb 21)
- offtopic - drivers Re: Botnets, IRC servers and firewalls? Gary Flynn (Feb 05)