(BTW - tell Neil I said "Hi!" :) )

There are much less intrusive ways of cutting down on the nimda bandwidth, ne? Why not just call up the ISP, explain the problem, and have them deny those particular packet types from that particular address at their own border routers? If someone from that address block complains to you or the ISP via e-mail, point out the nimda problem and you're done.

I sympathize with the frustration and all, but breaking into another box, even to shut it up, is way not-kosher. Sure, there are methods that can leave the original filesystem intact, but once you decide to bust a box just to get a little peace, you yourself not only risk prosecution, but become legally liable for anything that box does to anybody else, since you do end up modifying the contents of that box... you'd have to, at least if you want the results you're searching for.

even if the admin is a total 'tard, if the company that hired him finds out someone went into their property for any reason, suddenly your company becomes answerable to it.

This is because unlike dogs (or cats, or rats, or pet wombats for that matter), that popped server still contains valuable property (well, valuable to someone), and has no 'mind' or temperament of its own.

Sure, the box' owner still has legal responsibility for what that box does (depending on circumstance, as you've mentioned.)

So, why not light a wee tortious incentive to secure the box under the admin's butt? Instead of breaking into their box, instead make the admin and his/her company liable for x% of the bandwidth costs you incur, plus the billable cost of the time and effort it took to secure yourself from it?

/P

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/203/24156#24156