Security Incidents mailing list archives
Re: A question for the list...
From: De Velopment <devel () www2 kparker org>
Date: Sat, 17 May 2003 22:07:47 -0700 (PDT)
On Fri, 16 May 2003, Dan Hanson wrote (in part):
At last year's Blackhat conference in Las Vegas, Tim Mullen presented what turned out to be a very controversial proposal. Briefly, he questioned why it would be inappropriate to strike back and disable (if not remove) a worm from hosts that are clearly not being adequately managed.
It is interesting that this sounds similar to me to proposals by the RIAA to allow them to legally "strike out", hack into the networks of companies, and remove allegedly copyrighted files from machines who may have advertised them on Peer-to-peer networks. And I'll BET you that we'll have inquiries in the Incidents list if the computers owned by the RIAA try such a thing. But to get more directly to the inquiry at hand, I've wondered if it could be considered "self defense" if, say, a web server who just received the Nimda packet for, say, "cmd.exe" sent an immediate signal right back, telling the offending machine to shut itself down? And this being considered different from someone going through his/her logs after the fact and sending a counter-attack at that point? (One problem with the latter approach is some of the IP addresses may have been reassigned). Good luck on your inquiry and best regards, Ken Parker ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
Current thread:
- RE: A question for the list..., (continued)
- RE: A question for the list... Dan Perez (May 19)
- Re: A question for the list... Ray Stirbei (May 19)
- RE: A question for the list... Benjamin Tomhave (May 21)
- Re: A question for the list... Kevin Reardon (May 20)
- RE: A question for the list... Mark Ng (May 21)
- Re: A question for the list... Kevin Reardon (May 21)
- RE: A question for the list... Rob Shein (May 22)
- Re: A question for the list... Gary Flynn (May 21)
- Re: A question for the list... Jimi Thompson (May 23)
- Re: A question for the list... Jay D. Dyson (May 25)
- Re: A question for the list... Andy Shelley (May 20)
- RE: A question for the list... John McCracken (May 20)
- Re: A question for the list... Anders Reed Mohn (May 20)
- Re: A question for the list... Ray Stirbei (May 21)
- RE: A question for the list... Bojan Zdrnja (May 26)
- Re: A question for the list... Chip Mefford (May 21)