On Fri, 10 Aug 2001, Etaoin Shrdlu wrote ( sanitized by z@s0be.net ):
z@s0be.net wrote:
I think an interesting solution to this problem, no matter how unethical, would be to write a program that leverages the vulnerability to patch the infected machine. In fact, it surprises me that this hasn't been done.
It's illegal. Really. What's the difference between someone breaking into my machine and destroying stuff, and someone breaking into, say, x.x.x.x., and "fixing" it? None. It's illegal. And yes, I HATE the machine that is on the other end of that IP. It is apparently installed with either Mandarin or Cantonese, which means that it bothers me a LOT when it bothers me.
It's a poorly configured win2k machine, with no proper reverse entry (although I know it belongs to OWNER_OF_x.x.x.x). Looking isn't illegal. I've even connected to his smtp server (but not bothered to send mail, since vrfy doesn't really guarantee that someone is there, and I have no evidence that he'd read email sent to administrator in any case). Sad, really.
It's still illegal. Yes, it'd probably be a kindness. It's still illegal.
<--( SNIP )-->
Helu,
I'm in agreement that it is illegal as well; however, it does raise an interesting issue: Under what terms, if any, should various parties whose infrastructure is under some form of attack be able to defend themselves, and what is the extent of that defense for a given situation? I think that due diligence should be carried out in any situation, to give someone the chance to stop ( in most situations ), but where do you draw the line?
NOTE: I'm not exactly condoning counterattacks, but I think in certain situations I could definitely justify it in my mind if someone were to take that course of action after exhausting their options for resolving a situation in which they are under some form of attack.
.z