Vulnerability Development mailing list archives

Re: Cons and Security Validation


From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Wed, 7 Feb 2001 06:51:17 -0600

Almost everyone I have met who runs wargame networks normally sets a
no-outbound policy on their firewalls and routers beforehand.  ICMP could be
dropped outgoing, TCP can be filtered for SYNs, and UDP attacks are somewhat
hard to block, due to the necessity of DNS.  This doesn't stop someone from
launching an ACK/UDP flood, but keeps most of the kids from using the box as a
hop point.

Given that the operator took steps to keep people from relaying attacks, it
may be hard to make a legal case against them if someone finds a way around
it.  Just like subverting system security is normally a crime, subverting the
filtering rules could be treated in the same light.

-HD


On Wednesday 07 February 2001 01:10 pm, Matt Barringer wrote:
This brings up the interesting question of legality (and it has probably
been discussed before).  Would we be partially liable
for damages caused by anyone who is able to r00t the machine's subsequent
terrorization of network and system administrators?
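
The no-outbound policy described in the message above, modelled as a stateless filter (an added example, not part of the original post; the addresses, sample packets and the `udp_dns_only` option are constructed assumptions). It shows which outbound packets such rules stop, and that bare-ACK and non-DNS UDP traffic still passes.

```python
from dataclasses import dataclass

RESOLVER = "192.0.2.53"   # constructed address (TEST-NET-1) for the lab's DNS server

@dataclass(frozen=True)
class Packet:
    proto: str                      # "icmp", "tcp" or "udp"
    dst: str = "198.51.100.7"       # constructed outside host (TEST-NET-2)
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags that are set

def egress_verdict(pkt, udp_dns_only=False):
    """Verdict of a stateless no-outbound filter for a packet leaving the lab."""
    if pkt.proto == "icmp":
        return "DROP"                                   # ICMP dropped outgoing
    if pkt.proto == "tcp":
        # A SYN without ACK opens a new outbound connection, so drop it.
        new_conn = "SYN" in pkt.flags and "ACK" not in pkt.flags
        return "DROP" if new_conn else "ACCEPT"
    if pkt.proto == "udp":
        is_dns = pkt.dst == RESOLVER and pkt.dport == 53
        # Assumed tightening, not from the post: UDP only to the lab resolver.
        return "ACCEPT" if (is_dns or not udp_dns_only) else "DROP"
    return "DROP"                                       # anything else: default deny

# Constructed sample traffic leaving a lab host.
SAMPLES = {
    "icmp echo": Packet("icmp"),
    "tcp syn": Packet("tcp", dport=80, flags=frozenset({"SYN"})),
    "tcp syn-ack reply": Packet("tcp", dport=40000, flags=frozenset({"SYN", "ACK"})),
    "tcp bare ack": Packet("tcp", dport=80, flags=frozenset({"ACK"})),
    "udp dns": Packet("udp", dst=RESOLVER, dport=53),
    "udp other": Packet("udp", dport=9),
}

def audit(udp_dns_only=False):
    """Map each sample name to the filter's verdict."""
    return {name: egress_verdict(p, udp_dns_only) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:18} {verdict}")
```

Stopping the bare-ACK case requires a filter that tracks connection state, since a stateless rule cannot tell a reply to an inbound connection from an unsolicited segment.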

