
RE: FW: Careful. This is for information only.




> -----Original Message-----
> From: William T Wilson [mailto:fluffy@snurgle.org]
> Sent: Tuesday, August 07, 2001 2:01 PM
> To: Nathan E Norman
> Cc: debian-user@lists.debian.org
> Subject: Re: FW: Careful. This is for information only.
>
>
> On Mon, 6 Aug 2001, Nathan E Norman wrote:
>
> > I have to agree with John ... using a security hole in someone else's
> > server for good or evil is probably not a good idea legally.  I'd
> > advise against it.
>
> In states with "Good Samaritan" laws you are likely to be shielded from
> liability as long as any action you take is clearly intended as help.
>
> Considering the fact that tens of thousands of malicious security attacks
> per year go unprosecuted, I doubt that anything non-malicious would be a
> big risk.  Unless you have deep pockets.
>
> That said, it's traditional to send the admin a message using the root
> account when a hole is found, but it isn't at all necessary.  Just send
> the relevant excerpt from your log that shows they are attacking you to
> several good guesses at the relevant account (root@host, abuse@domain,
> etc.) and leave it at that.
>

It's a pity those people are so lame and irresponsible that they are not
doing anything about it.

I actually began looking at the web pages, and emailing the web admin or
contact point but with a packet coming in every few minutes it became
impossible.  It also seemed to be a waste of time as most of these sites are
still online and attempting to spread the virus.  The other fact that when
the IP is looked up there is absolutely no record of where or who it is
makes it almost impossible to alert them of their predicament.

Don't these people have a legal and moral responsibility to ensure that
their system is free from spreading the virus and damaging other systems?
Where is their duty of care?

If they initiate an attack on me, don't I have a right to defend my site, a
commercial enterprise, against them to stop THEIR attacks on my network?
Think about it... the message or whatever would not be sent if they did not
send an attack first.

Welcome to a legal nightmare.

I just find it hard to believe that people still haven't patched their
servers, and in the meantime I am paying for all the extra traffic into my
server.  It may not seem much but it sure adds up over a month or two.  Who
can I sue to recover that??

The whole thing seemed interesting at first.... Now I just get pissed off at
the irresponsibility of it all.

Oh damn... looking at the logs.... looks like here comes another one...
"GET /robots.txt HTTP/1.0"... repeat.

If I could turn off the web server I would, but I can't.

Ian




