Security Incidents mailing list archives

RE: What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation


From: "Christopher X. Candreva" <chris () westnet com>
Date: Thu, 2 Jan 2003 13:10:16 -0500 (EST)

On Tue, 31 Dec 2002, Rob Shein wrote:

yes or no to the entire facility/area.  And so it is with networks.
Allowing SNMP access through your firewall is no different than screwing
up and forgetting to lock the back/side doors...it's a bad idea, it's
asking for trouble, it's certain to get noticed/abused sooner or
later...but it doesn't make it ok for people to take advantage of it.

To extend your analogy . . it would not be uncommon, if someone saw the back
door of a building wide open that usually wasn't, for them to stick their
head in the door and yell "Hello !?! Anyone here ?  I think you left your
door open !"

A common problem in cities is apartment buildings where access to the roof
is left open. Aside from people hurting themselves, they can throw things
and hurt people down below. One could certainly make an argument, if you
are having things thrown at you from a neighboring roof, that you are
justified in entering the premises to lock the roof door !

As you said, intent has everything to do with it.  If people are leaving
their machines wide open and you are being attacked from them, you
could certainly argue that the equivalent of sticking your head in to see
what is going on is justified -- especially with the lack of any police to
call about noisy neighbors !

-Chris

==========================================================
Chris Candreva  -- chris () westnet com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com