Re: What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation

[Russell Fulton <r.fulton () auckland ac nz>]

On Fri, 2003-01-03 at 07:25, Kevin Reardon wrote:
> In the case where a road is not specifically signed to 
> not trespass or properly gated, it is unknown to a reasonable man if 
> this road is a government run road or private, thus a person may 
> trespass without knowledge but would be innocent of the crime. 

Personally I think this is the best analogy given so far.  What it means
is that unless there is some form of access control then you are may
assume it is public highway.  The issue of intent is also important (but
as our ex police friend pointed out very difficult to prove -- hmmm.. is
a xmas or SYN+FIN packet the cyber equivalent of a jemmy?).

My rule of thumb is if the service is publicly access then they may be
accessed so long as you don't do anything that might cause damage or
breach privacy.  I.e. putting your head in the door and hollering "Any
one home" is OK, rummaging through the office filing cabine looking for
phone number of the owners insurance company so you can warn them isn't!
(it breaches the owners privacy).

With SNMP grabbing the machine make and type might be justifiable  but
this should not extent to someone walking the complete SNMP MIB.

The corollary is that if you leave services open with no access control
expect people to look around.


Cheers, Russell.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com