At 09:48 AM 1/12/1999 -0800, Dalvenjah FoxFire wrote:
> On Tue, Jan 12, 1999 at 05:12:22PM +0000, Michael Shields put this into my mailbox:
>> In article <19990111101351.04195@dragonlair.dal.net>, Dalvenjah FoxFire <dalvenjah@DAL.NET> wrote:
>>> Much as I hate to say it, this seems to be one area where industry self-regulation has utterly failed. I don't know what would be a better solution; I hate to suggest government regulation. But I'm at a loss here.
>>
>> Civil liability?
>
> Possibly. I don't know of anyone who's tried suing over a smurf attack. If I could afford the lawyer and the court time I'd do it myself. All we really need is one or two good cases to establish some case law; then the rest of us can have some legal precedent to point to and say "If you don't fix your networks, you're screwed."

Criminal. DOS attacks are covered by 18 USC 1030. And I think there might even be smurf included in the Kevin Mitnick case, but I'm not sure about that.

--Dean
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc                 dean@av8.com
LAN/WAN/UNIX/NT/TCPIP               http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

On Tue, Jan 12, 1999 at 03:06:58PM -0500, Dean Anderson put this into my mailbox:
> Criminal. DOS attacks are covered by 18 USC 1030. And I think there might even be smurf included in the Kevin Mitnick case, but I'm not sure about that.

Right; that stuff applies to *directly causing* the attack though (e.g. hacking root on a colocated linux box and typing ./smurf victimhost.com). I'm talking about filing some sort of legal action against the intermediaries (smurf relays) who get used by the cracker during the smurf; IANAL, but I would presume if you could show negligence in not being vigilant about security, and then do something showing that they indirectly caused you damage, you could get some sort of action taken against the relays.

Right now there's no consequence for ignoring hacked boxes and/or misconfigured routers (smurf relays); every now and then when I mail the contacts one person or other sends me mail back threatening to sue me for threatening them and all sorts of other cruft (fortunately, this has been a reasonably uninvolved person who was on one of the contact addresses, and the person who actually fixed the routers was happy to do so and did so at my request).

It would be nice to be able to explain to this person with certainty that if it came to a court battle, I would have a better case than he did and be able to cite precedents. In that case, I would also most likely be able to talk to this person's legal department and they would be taking care of the situation (including the mis-clued person who thinks I'm in the wrong).

-dalvenjah

--
Dalvenjah FoxFire (aka Sven Nielsen)    "Every time he hits the 20 hour mark he
Founder, the DALnet IRC Network          becomes Mr. Potato Head!"
e-mail: dalvenjah@dal.net    WWW: http://www.dal.net/~dalvenjah/
whois: SN90                  Try DALnet! http://www.dal.net/

On Tue, Jan 12, 1999 at 12:54:23PM -0800, Dalvenjah FoxFire wrote:
> Right; that stuff applies to *directly causing* the attack though (e.g. hacking root on a colocated linux box and typing ./smurf victimhost.com). I'm talking about filing some sort of legal action against the intermediaries (smurf relays) who get used by the cracker during the smurf; IANAL, but I would presume if you could show negligence in not being vigilant about security, and then do something showing that they indirectly caused you damage, you could get some sort of action taken against the relays.

The (direct) analogy is landlords who are sued after their tenants notify them about dangerous conditions, which they fail to fix in a workmanlike and expeditious fashion. There's _endless_ case law on this, and even though IANAL, I have some cites available somewhere.

Cheers,
-- jra
--
Jay R. Ashworth                      jra@baylink.com
Member of the Technical Staff        Buy copies of The New Hackers Dictionary.
The Suncoast Freenet                 Give them to all your friends.
Tampa Bay, Florida                   http://www.ccil.org/jargon/
+1 813 790 7592