Security Incidents mailing list archives
Re: Korea (was RE: ?)
From: mis () SEIDEN COM (Mark Seiden)
Date: Fri, 28 Jan 2000 15:20:42 -0800
a. how would you *know* what service was running at a port without connecting to it? you can neither presume it is a private nor a public service... so then you connect and see a # prompt. (you still don't *know* that you're talking to a root shell, until you type a few commands. hey, maybe it's one of those adventure MUDs!) maybe your session (ip address, keystrokes) is being logged, maybe not, by a bad guy, or by the good guys.

b. simply connecting to a service presents not a hint of an ethical issue, for me. no violations of the golden rule or the hippocratic oath. what you do once you're there, and your motivation for what you do (malice or good samaritan-ship) answers the ethical questions.

c. the legal questions are separate (but for well-written laws) derived from the ethical ones.

d. considering:
1. the balance of power between the good guys and the bad guys here,
2. how clueless law enforcement often is (and cert has been)
3. that to get anyone to take action you have to assemble a case, place on a silver platter and deliver it to them by fedex
there is no alternative to doing it yourself other than hiring a professional in incident response (preferably with unblemished white-hat). (possibly it's vigilantism, but it works. look at kevin mitnick as an example of someone who made enemies unwisely.)

d. please, can we stay away from the metaphors? a computer is not a house. a firewall is not barbed wire, an open port is not an open door, an owned machine is not a stray and possibly rabid mastiff to be put down humanely but professionally, etc.

e. this may be the beginning of a long and uninteresting thread, particularly if we rapidly turn it into a flame war over individuals and their ethics.

On Fri, Jan 28, 2000 at 10:30:24AM +0100, Kim Robert Blix wrote:
Robert G. Ferrell
National Business Center, US DoI

This is not a very ethical statement. Especially when you consider the email address you have used to send this message. Does the National Business Center condone 'cracking', when it is useful?

"Brooke, O'Neil"

Although I don't know the first thing about Robert G. Ferrell, I'd like to point out that it is standard list/usenet policy to assume that a person speaks for himself and no one else unless so noted.

And if I stumbled upon a rootshell bound to a port on any machine that had recently been used to attack me, I sure would use it to investigate. I don't see *any* harm in that whatsoever. The most likely reason for the shell being there is that the machine has been compromised and is used to launch attacks elsewhere. So by checking it out and then placing a phonecall you are doing them a favor.

What you seem to be saying is that if your neighbour's house and their door is wide open in the middle of the night, you should just move along. I'd sure stick my head in and ask if everything is all right.

K
-- mark seiden, mis () seiden com, 1-(650) 592 8559 (voice) Pacific Time Zone