Security Incidents mailing list archives
Re: probe backs? was Re: [INCIDENTS] Korea
From: mpemble () ISINTEGRATION CO UK (Matthew Pemble)
Date: Tue, 1 Feb 2000 08:34:42 -0000
This thread seems to be boiling down (apart from the gripes about Korea) to: "If you are probed by a system, what are your moral and legal rights to do 'something' about it. And, what is an appropriate 'something'."

I have no intention of spouting off about the law, basically because, as James Drissel showed, we are all from varying jurisdictions and even if I was a lawyer, the appropriate law would vary considerably. (In my case, it is normally the UK's Computer Misuse Act 1990, and telnetting to the rootshell would strictly be a Section One offence, but you would never get prosecuted due to the lack of warnings.)

Morally then: two issues - we want to stop this happening again to us, and we probably want to help the hacked computer's owners get their box back to normal.

Most importantly, why have they / the source box been hacked?

1. They are too busy to monitor all the various bugtraqs and advisories and apply the appropriate patches when / if those are released.
2. They do not have the knowledge to monitor and apply as 1.
3. They are too lazy to m&a or otherwise just don't care.

Morally, 3 seems to be the easiest. In that case, would you be justified in any action (legal in your jurisdiction), which did not result in a DoS to legit users, to protect your system? Opinions (not flames), please.

In case 1 or 2, wouldn't you, as a harassed or newbie sysadmin, find a reasoned and helpful statement of what was wrong with your system and how to fix it more useful than a "You attacked my box, sort it or die" flame? In that case, wouldn't we need to do a little exploration (nmap scan, telnet, check it really was a root shell in the Korea case) in order to put the abuse email together? Once again, what are the list's opinions?

Matthew Pemble, Senior Consultant, IS Integration
Preston Technology Management Centre, Marsh Lane, PRESTON, Lancashire, PR1 8UD
Tel: +44 (0)1772 885850 Fax: +44 (0)1772 558881 Mob: +44 (0) 7050 128620
Mailto:mpemble () isintegration co uk Web: http://www.isintegration.co.uk