Security Incidents mailing list archives

Re: Korea (was RE: ?)


From: mis () SEIDEN COM (Mark Seiden)
Date: Fri, 28 Jan 2000 15:20:42 -0800


a. how would you *know* what service was running at a port
without connecting to it?  you can neither presume it is a
private nor a public service...

so then you connect and see a # prompt.  (you still don't *know*
that you're talking to a root shell, until you type a few commands.
hey, maybe it's one of those adventure MUDs!)

maybe your session (ip address, keystrokes) is being logged,
maybe not, by a bad guy, or by the good guys.

b. simply connecting to a service presents not a hint of an
ethical issue, for me.  no violations of the golden rule or
the hippocratic oath.

what you do once you're there, and your motivation for what you
do (malice or good samaritan-ship) answers the ethical questions.

c. the legal questions are separate (but for well-written laws)
derived from the ethical ones.

d. considering:

1. the balance of power between the good guys and
the bad guys here,

2. how clueless law enforcement often is (and cert has been)

3. that to get anyone to take action you have to assemble a case,
place it on a silver platter and deliver it to them by fedex

there is no alternative to doing it yourself other than hiring a
professional in incident response (preferably with unblemished
white-hat).

(possibly it's vigilantism, but it works.  look at kevin mitnick as an
example of someone who made enemies unwisely.)

d. please, can we stay away from the metaphors?

a computer is not a house.  a firewall is not barbed wire,
an open port is not an open door, an owned machine is not a
stray and possibly rabid mastiff to be put down humanely
but professionally, etc.

e. this may be the beginning of a long and uninteresting thread,
particularly if we rapidly turn it into a flame war over individuals
and their ethics.

On Fri, Jan 28, 2000 at 10:30:24AM +0100, Kim Robert Blix wrote:
Robert G. Ferrell
National Business Center, US DoI

This is not a very ethical statement. Especially when you consider the
email address you have used to send this message. Does the National
Business Center condone 'cracking', when it is useful?

"Brooke, O'Neil"

Although I don't know the first thing about Robert G. Ferrell, I'd like to
point out that it is standard list/usenet policy to assume that a person
speaks for himself and no one else unless so noted.

And if I stumbled upon a rootshell bound to a port on any machine that
had recently been used to attack me, I sure would use it to investigate.
I don't see *any* harm in that whatsoever. The most likely reason for the
shell being there is that the machine has been compromised and is used to
launch attacks elsewhere. So by checking it out and then placing a
phone call you are doing them a favor.

What you seem to be saying is that if your neighbour's house and their
door is wide open in the middle of the night, you should just move along.
I'd sure stick my head in and ask if everything is all right.

K

--
mark seiden, mis () seiden com, 1-(650) 592 8559 (voice) Pacific Time Zone


