On Tue, Jan 12, 1999 at 03:06:58PM -0500, Dean Anderson put this into my mailbox:
Criminal. DOS attacks are covered by 18 USC 1030. And I think there might even be smurf included in the Kevin Mitnick case, but I'm not sure about that.
Right; that stuff applies to *directly causing* the attack though (e.g. hacking root on a colocated linux box and typing ./smurf victimhost.com). I'm talking about filing some sort of legal action against the intermediaries (smurf relays) who get used by the cracker during the smurf; IANAL, but I would presume if you could show negligence in not being vigilant about security, and then do something showing that they indirectly caused you damage, you could get some sort of action taken against the relays. Right now there's no consequence for ignoring hacked boxes and/or misconfigured routers (smurf relays); every now and then when I mail the contacts one person or other sends me mail back threatening to sue me for threatening them and all sorts of other cruft (fortunately, this has been a reasonably uninvolved person who was on one of the contact addresses, and the person who actually fixed the routers was happy to do so and did so at my request.). It would be nice to be able to explain to this person with certainty that if it came to a court battle, I would have a better case than he did and be able to cite precedents. In that case, I would also most likely be able to talk to this person's legal department and they would taking care of the situation (including the mis-clued person who thinks I'm in the wrong). -dalvenjah -- Dalvenjah FoxFire (aka Sven Nielsen) "Every time he hits the 20 hour mark he Founder, the DALnet IRC Network becomes Mr. Potato Head!" e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/