The Right to Defend
Tim Mullen, 2002-07-29

Is it criminal to reach out and hack an infected machine that's attacking your network?

The Right to Defend 2002-07-29
Anonymous (10 replies)
If somebody breaks into your house, do you start your own investigation and hunt him down, or do you call the police?

If someone's car is repeatedly blocking access to your garage, do you tow it away yourself or do you call the police?

What you are calling for is wild West. These times are ov...

The Right to Defend 2002-07-29
Anonymous (1 replies)
When someone is trying to hack your network, who will you call? The Police? They can't do anything. The FBI? They are just going to tell you that you have to wait until $5,000 Dollars of damage have been done. Then when it has been you will be put on hold because a bigger company has lost more mone...

The Right to Defend 2002-08-01
Anonymous (3 replies)
you are talking about nimda and another worms like "virus".

I just have a question,...

You are using an unsafe operating system. You are complaining about lost bandwidth and money. Why are you using anymore Microsoft software?

You know, your hardware will last longer if you use unix like o...

The Right to Defend 2002-08-01
Anonymous (1 replies)
The use of a safe or not safe OS doesn't matter in his argument. He is talking about the data traffic from OTHER people's compromised systems.

That data traffic costs money, either directly on one's bill or indirectly in higher costs on the upstream....

The Right to Defend 2002-08-05
Anonymous
It's not only about the bandwidth, but about hardware resources as well. Depending on the amount of such requests the damage could be quite serious....

The Right to Defend 2002-08-06
Anonymous
It's not a matter of OS's. And you've got to admit that the government doesn't do a thing about worms. One Golden Rule : if you piss at my lawn, I come shitting on yours...

The Right to Defend 2002-08-07
moleculem@t
It's not that easy for some of us.

I am a contract business doing medical billing. Most of our claims are filed electronically, via our DSL account. The federal government will only allow this on machines running Windows, using IE 4 or better (I know...double negative.)

so you see, we don't have ...

The Right to Defend 2002-07-29
Anonymous (1 replies)
The next time Nimda attacks your web server, give the police a call. Let me know how it goes....

The Right to Defend 2002-07-30
Anonymous
Personally, I've had good luck contacting the administrator of the network the machine's on. If they don't respond or I can't find out who they are, I contact their provider. If you complain long enough and to enough people something usually happens.
...

The Right to Defend 2002-07-29
Anonymous
Do you really think the police have any idea how to track a hacker? Do you really think they can get your stuff back?...

The Right to Defend 2002-07-31
Kruse (1 replies)
It may be observed that what we need is not the police. But a body that not only has the jurisdiction, but also will take these smaller, yet important cases, seriously. And the only way to do this with the lack of international boundaries on the Internet would be to instate this department at an in...

The Right to Defend 2002-08-01
Anonimouse
This seems to me like being in a gold rush town with every one for themselves. What's needed as the stakes go up and civilization comes as things calm down a bit is a sheriff (a CyberCop), there's too much vested interest otherwise. The tools, etc. are new just like this frontier is new but it can...

The Right to Defend 2002-07-31
Anonymous
"If somebody breaks into your house, do you start your own investigation and hunt him down, or do you call the police?"

I have the right to defend IF the attack is in progress. I don't have to stop and call the police. The law allows us to defend an immediate attack. The same with a physical...

The Right to Defend 2002-07-31
William Stone, III
> If somebody breaks into your house, do you start your
> own investigation and hunt him down, or do you call the
> police?

If someone's breaking into my house and I'm HOME, I get out the Kimber and if necessary shoot him dead. If I call the cops and wait for them to show up, my family and I ...

The Right to Defend 2002-08-01
Anonymous
Last time I checked, the Internet *WAS* the wild West...

Once there is enforceable internet police, I will be all for calling them. Until then, bravo, hack back and disable it from disrupting you further IMO....

The Right to Defend 2002-08-05
Anonymous
Let's see.. if someone breaks into your house you could legally shoot them.

If someone parked their car in your driveway, preventing you from getting in your garage, you could hook up a chain to it and haul it off your property yourself.

We have a right to defend ourselves in the real world, w...

this makes no sense 2002-08-07
Anonymous
Though I would agree that something should be done to improve the security across the internet, this cowboy attitude could get you into more trouble than it's worth. Think about the real issue. Most average home users don't have adequate protection on their systems. And those hackers inside the "camp"...

The Right to Defend 2002-08-08
Anonymous
You also have to remember that attackers are using someone else's machines or are spoofing someone else's addresses--if they know what they're doing. ...

The Right to Defend 2002-07-29
Anonymous
Sounds elegant, but I don't think the "powers that be" will acknowledge this as a viable defence. I think the government would rather have people living in fear of the next "internet attack". Masses of defenceless people and their computers makes a good target for the fear based propaganda that is...

The Right to Defend 2002-07-29
Anonymous
I think this would set a bad precedent. This would only give more weight to recent attempts to allow the RIAA to hack and disable machines that they think are distributing copyrighted files, or Microsoft to reach out and shut down PCs they think may be running pirated software. Pretty soon every h...

Happened with Code Red 2... 2002-07-29
Nicholas Weaver
http://sunsite.bilkent.edu.tr/pub/infosystems/phpweb/default.txt

Once code red 2 started spreading, Sam Phillips at dasbistro.com created the above small perl script which directly responded to a code red or code red 2 probe by attempting to use the code red 2 backdoor to disable IIS and reset th...

The Right to Defend 2002-07-29
Matthew Waddell (3 replies)
Machine A looks like it is attacking Machine B.

The Admin of Machine B attacks Machine A to take it offline, in order to "Defend itself."

Machine B loses Internet connectivity because Machine C spoofed traffic (very easy to do) in order to appear to come from Machine B's Primary DNS, or CEO's ...

The Right to Defend 2002-07-30
Anonymous
Or Machine B's admin sees the unwarranted attack from Machine A's admin, and attacks Machine A. The conflict then escalates into an out-and-out hacking war...

Yup, this will *definitely* make the Internet safer and more stable. Good idea!

...

The Right to Defend 2002-07-31
J. J. Horner (1 replies)
Gee, someone actually sees that active response from an administrator could cause more harm than good. Perhaps you should write this column and this M$ apologist should take his misspent aggressions out on small rodents.

My favorite case is this:

Machine A receives traffic which looks malicious...

More Misinformation 2002-08-07
Anonymous 3 Letter Agency
Why change what works, indeed.
However, what you propose simply does not work. Part of the frustration I hear is how little we can actually do about this. ISP's do nothing. Admins do nothing. Additionally the demonstrated technique was automated. One does not need to take time to "counter-hac...

Misinformation 2002-08-07
Anonymous 3 Letter Agency
Every single thing you say here is wrong.
For one, Mullen does not talk about random hack-backs. His Blackhat presentation was the best of the entire conference. He convinced many people, some in my agency, that this is actually viable. There is a lot of talk about it internally.

If you rese...

Wanna be a cowboy 2002-07-29
Me (2 replies)
My house was robbed a couple weeks ago. I'm certain it was this guy who lives on the other side of town. How about if I just go over there and break into HIS house.

I was the victim of identity theft. Some of the charges included the delivery of CD's to an address in another state. He must be...

Wanna be a cowboy 2002-07-30
Anonymous
Well If you have all that information... You either one call the cops... But with Computer shit they won't do anything either they are missing skills or don't have the time whatever

But If I knew who broke into my house/car/etc I'd show up and beat the Shit out of them...

Wanna be a cowboy 2002-07-31
Anonymous
The difference is that in all of those scenarios you mentioned, there are law enforcement agencies available and equipped to deal with that crime. And you are correct that you would be crazy to take action yourself (as well as making yourself a criminal also).

Also, the author is advocating that ...

Responsibility for abetting a crime 2002-07-29
Anonymous (2 replies)
You wrote "But if an administrator does not secure his box, and the same series of GET requests hammer against my network for months at a time, he is a victim. An innocent." But he IS abetting the criminal who wrote the worm/virus. I suggest that he either "knew or should have known" what his system was doing. He should not be considered completely blameless, especially if the activity has been going on "for months at a time".

Responsibility for abetting a crime 2002-07-30
Anonymous
You say: 'But he IS abetting the criminal who wrote the worm/virus. I suggest that he either "knew or should have known" what his system was doing. He should not be considered completely blameless, especially if the activity has been going on "for months at a time".'

This is the area of civi...

Responsibility for abetting a crime 2002-07-30
Anonymous
I agree. Hackback is a temporary solution with the potential to get out of control. The ideal solution would be a group (or groups) dedicated to doing this sort of thing in a *controlled* manner and working with the ISPs on a regular basis. It isn't an immediate solution, but it is a better one....

The Right to Defend 2002-07-29
Anonymous
Under a currently circulating, yet to be fully passed, US Federal law, what you are suggesting (the "hack-back") would be legal *if* you were a patent/copyright/trademark holder and the target was known (provable) to be violating your rights. It's a bad law, It needs to be killed. There are far TOO ...

The Right to Defend 2002-07-29
Anonymous
I agree wholeheartedly. It is a simple matter of self defense and responsibility to protect those who may not have the ability or knowledge to defend themselves. I say until adequate measures are taken for authorities to handle acts of electronic terrorism, vandalism, theft and piracy directed at i...

The Right to Defend 2002-07-30
Anonymous
I must agree that admins who do not properly secure their systems, and are used as a point of attack, must be partly liable for damages. I disagree with the idea that anyone being attacked can legally attack back. If so I would spend all day going after everyone who pinged me....

The Right to Defend 2002-07-30
Anonymous
Some silly responses here. If someone breaks into your house, do you ask them for their ID? Sheesh! Hackback is a reasonable and responsible interim response to a problem that is costly and unnecessary. Let the "authorities" take care of it? Which world did you come from? The authorities/lawyers go ...

The Bigger Picture 2002-07-30
Anonymous
Everyone who has responded to this column so far has presented valid arguments, in support of or against the context of the column - individual retaliation/vigilantism to apparent intrusion of one's network. As it would be expected, a column as such brings out individual's fervor and zeal regarding...

The Right to Defend 2002-07-30
Anonymous
There are no "Internet Police", the only one who can really do anything about Code Red# and nimda or other such worms are the ISP's.

They are responsible for the quality of the Network and should therefore co-operate and inform the infected customer about his "minor" problem. Give the customer a ...

The Right to Defend 2002-07-30
Anonymous (1 replies)
A great many people will probably be doing just this if the RIAA is stupid enough to start harassing Peer-to-Peer networks....

The Right to Defend 2002-07-30
Anonymous
With regard to the first point on international law, enforcing policy with ISP's forget it -- there is no international law. Anyway the Internet has never really been "policeable" due to its inherent anonymity; and the anonymous nature of the 'net can only be changed by the type of legal action th...

Opening a new can of worms...... 2002-07-30
kiwi
Allowing "administrators" to crack compromised systems to defend their own will cause far more problems than it will ever solve. What stops me from cracking win2k servers and dropping nimda on it before I'm done, claiming that I was disabling an infected system that was attacking my network? The onl...

The Right to Defend 2002-07-30
Mel
A couple of observations:

1) Outside cyberspace the "Right to Defend" is constrained to very specific situations. In general you can only use it while in danger of imminent physical harm. To use deadly force your life has to be in jeopardy. Under those limited constraints I adamantly support it ...

The Right to Defend 2002-07-30
Hamster1
I feel that a "Hack Back", if used judiciously, could be a temporary measure that brings relief to the harassed server/network. But this is only a temporary fix. There is a vacuum, or void in terms of the law/law enforcement. There is a need for someone to bring real laws, with real world teeth. To ...

Killing a mosquito with a cannon? 2002-07-31
S Guy
First, let me say I'm not fully versed on the security statistics of either France or the US, being that I'm one of those polite Canadians you read about. Sorry, polite Canadians that you read about, eh?

That being said, my question is this: to perpetrate this sort of "hack-back" response, it w...

What about the rights of the entertainment industry? 2002-07-31
Brian Erdelyi (1 replies)
This is the same argument that attempts to justify Mr. Berman's, and company, attempts to propose legislation that will allow copyright owners to "hack" copyright violators sharing copyrighted content.

I do not believe that administrators should have the right to attack other systems without liab...

What about the rights of the entertainment industry? 2002-07-31
William Stone, III (1 replies)
> This is the same argument that attempts to justify Mr.
> Berman's, and company, attempts to propose legislation
> that will allow copyright owners to "hack" copyright
> violators sharing copyrighted content.

It is not, and for one simple reason:

A hacker attempting to maliciously obtain ...

What about the rights of the entertainment industry? 2002-08-05
Brian Erdelyi
>> This is the same argument that attempts to justify Mr.
>> Berman's, and company, attempts to propose legislation
>> that will allow copyright owners to "hack" copyright
>> violators sharing copyrighted content.
>
>It is not, and for one simple reason:
>
>A hacker attempting to malicio...

The Right to Defend 2002-07-31
Anonymous
I think the way to go would be a not-for-profit, open-logs, open-standards group that actively counter-secured, preserved evidence, and notified the proper authorities when compromised machines were dealt with. Salient points:

Since all of their activity would be documented and available for any...

The Right to Defend 2002-08-01
Anonymous
I find your article to be very shortsighted. Why do we patch, and release service packs for operating systems? We do it to make them safer and more secure. So now what you want to do is to turn the tables and become that which we hate. That which causes us no ends of stress. And why? To get ba...

The Right to Defend 2002-08-03
sceptic
If you talk about "fighting back" you better be more specific - do you fight back to machine or to software. Remember that the owners of the two (HW and SW) are not the same entity in many cases.
And (I believe) it's the bad software that attacks you in most of the cases. So, if the owner of the d...

The Right to Defend 2002-08-04
Itdincor
I agree with you, Mullen, in every respect. An automatic or manual notification to the FCC and ICC of the address of an attacking machine would be a nice addition....

The Right to Defend 2002-08-05
State Admin (1 replies)
I agree with him to an extent. I used to monitor my IIS logs to see who was hitting me with what, only 1 person out of the hundred or so I emailed even replied, they had no idea IIS was even running - "we did notice that our network was slow". :P

What's our recourse? I still am getting a ton of h...

The Right to Defend 2002-08-06
Anonymous sysadmin
Right on!!!!...

The Right to Defend-why not nukes? 2002-08-05
Anonymous
Since you may not know if the system has been intentionally set up by the owner and may be hijacked by a neighboring system why not just nuke the city?
The hack back makes as much sense as any vigilantism we could all carry guns and just shoot each other too!
Lame idea, the wrong guys would get ...

Here here! 2002-08-06
Anonymous (1 replies)
To many of the replies I've read so far I say this:
You have NO clues!

When you're protecting a large network (not your home PC) and paying for bandwidth whether it hits your firewall or not then an automated response such as being suggested becomes a highly desirable thing.

Try running an IDS o...

Here here! 2002-08-06
Astrix
You write:
When you're protecting a large network (not your home PC)
and paying for bandwidth whether it hits your firewall or
not then an automated response such as being suggested
becomes a highly desirable thing.

We find that automated *alerts* or *reports* to the Security Gro...

The Right to Defend 2002-08-08
IV
What seems to be missing from the anti-hackback argument is the correct TENSE. Hackback is not a vendetta to get the bastard that hackED your network...It is a way to stop the bastard who is hackING your network! It is a way to stop a CURRENT problem, not a transgression that happened in the PAST....

The Right to Defend to a degree... 2002-08-09
Scott
I've had nimda eat up my bandwidth. If you call the FBI, they won't talk to you unless you can show them $5,000 worth of damage. I've called the admins of the infected systems and had one tell me "Yeh, it's been infected since wednesday"... There's an amazing amount of admins that are absolutely ...








 

Copyright 2009, SecurityFocus