Security Incidents mailing list archives
Re: Korea (was RE: ?)
From: o'neil.brooke () LMCO COM (Brooke, O'Neil)
Date: Fri, 28 Jan 2000 10:25:38 -0500
I do not know Robert either, and maybe I am a bit more sensitive to this than others. The point remains though.
And if I stumbled upon a rootshell bound to a port on any machine that had recently been used to attack me, I sure would use it to investigate. I don't see *any* harm in that whatsoever. The most likely reason for the
Here's a what-if for you. The admins of that server did not detect the person that had installed the backdoor. They do detect you though. Now you have been accused of cracking this machine. Depending on where in the world you live, the police could show up at your door, seize all of your computer equipment and put you in jail. Sure you didn't crack this machine, but there is a clear audit trail of you accessing the backdoor and you have the joy of trying to prove you are NOT responsible for the exploitation of this machine. The harm is in your own personal liability. You have no right to 'investigate', if by that you mean using any unauthorized access to a machine that is not legally yours to administrate.

As for Robert's comments. Several nations are in the process of building offensive information warfare groups. I do not think that Robert's comments reflect an official government position, but as an individual within the government he has suggested an activity that could be illegal. As an Internet Technologist will he be involved with the discussions that develop official policy? His statement can give fuel to a lot of negative conjecture. I am just suggesting a little discretion.

We run the risk of supporting an IO arms race here. One government agency supports 'hack-back' and will let the lawful admins of a machine know about the activity. Will that spur another agency to support 'hack-back' and take it to another level? Perhaps the next step is to install another backdoor so that the machine can be monitored and crackers that visit it in the future can be detected, like a remote honeypot. After all these crackers attack local computers as well. If a nation that you consider to be an adversary supports 'hack-back' with remote honeypots, you would probably feel threatened. Crackers exploit your computers and then this adversary feels authorized to install trojans to use for their own purposes. What IO policies does your nation take to counter this threat?

You see the potential for escalation here? Official statements are not required to kick off this escalation. The personal ramblings of individuals within government agencies speak volumes.
----------
From: Kim Robert Blix[SMTP:kim () nhi no]
Sent: Friday, January 28, 2000 4:30 AM
To: Brooke, O'Neil
Cc: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Korea (was RE: ?)

Robert G. Ferrell
National Business Center, US DoI

This is not a very ethical statement. Especially when you consider the email address you have used to send this message. Does the National Business Center condone 'cracking', when it is useful?

"Brooke, O'Neil"

Although I don't know the first thing about Robert G. Ferrell, I'd like to point out that it is standard list/usenet policy to assume that a person speaks for himself and no one else unless so noted.

And if I stumbled upon a rootshell bound to a port on any machine that had recently been used to attack me, I sure would use it to investigate. I don't see *any* harm in that whatsoever. The most likely reason for the shell being there is that the machine has been compromised and is used to launch attacks elsewhere. So by checking it out and then placing a phone call you are doing them a favor.

What you seem to be saying is that if your neighbour's house and their door is wide open in the middle of the night, you should just move along. I'd sure stick my head in and ask if everything is all right.

K