North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Netgate.net.nz/ORBS spam colusion
- From: Alex P. Rudnev
- Date: Mon Jan 10 00:30:21 2000
Hmm, what does mean _PROBE? If my Unix open TCP connection with You windows, it
does not mean I probe YOUR property; this deal concern this twoi OS only... I do
not think anyone except may be Americal lawers (ORBS are out of their scope) can
accuse them; they only run some anty-relkaying system, not more...
It looks like Y2K problem. Don't be too paranoyed about them; block them if
they bother you, and forget this problem. Even if some lawers can open the
suite, it's 100% useless.
On Sat, 8 Jan 2000, Dean Anderson wrote:
> Date: Sat, 08 Jan 2000 17:30:15 -0500
> From: Dean Anderson <email@example.com>
> To: Owen DeLong <firstname.lastname@example.org>, email@example.com,
> Cc: firstname.lastname@example.org
> Subject: Re: Netgate.net.nz/ORBS spam colusion
> Around 08:14 AM 1/8/2000 -0800, rumor has it that Owen DeLong said:
> >However, I must question whether the activity Dean discusses is actually
> >criminal. He does not accuse them of carrying out the attacks, he
> >accuses them of transporting information published by a third party
> >which notifies the world that his site is vulnerable to these attacks.
> Umm, for the record, I do make such an accusation. When they probe a
> non-public government computer, they are violating 18 USC 1030 Sections
> 2(b), 2(c), and 3. Those are criminal violations. You simply may not
> probe government computers. Doing so is immediately a crime. The $5000
> limit is only for non-government computers.
> Then they do other things, some of which are criminal (fraud is criminal),
> and some of which may not be.
> >Since Dean has published information to NANOG and other public forums
> >stating that:
> > 1. His sites _ARE_ vulnerable.
> My customer shell servers' telnet sessions are vulnerable to password
> theft, and password guessing. So are yours. So what?
> > 2. He has no willingness to fix these vulnerabilities.
> There isn't anyway to fix them. There may be a protocol extension in the
> future, but its not here yet. I've been through this with 50 people in the
> last 6 months. That doesn't permit others to exploit them.
> > 3. He intends to make the internet at large responsible
> > for his negligence WRT these sites.
> We have no negligence. And we do not hold the internet at large
> responsible. Just those that exploit protocol vulnerabilites, and those who
> assist with the exploitation. If your customer commits crimes, and you
> don't do anything about it after complaints are made, I expect that you
> bear responsibility and liability.
> >I seriously doubt that publishing a list of known public-nuissances
> >is genuinely illegal. Further, unless Dean has presented netgate
> >with a court-order showing that the court has indeed found said
> >activity to be illegal, I think they would be negligent in turning
> >off said service.
> So publishing a list of sites which have vulnerabilities detected by SATAN
> scans wouldn't be illegal? Thats what you are saying.
> As far as court orders go, the point of this discussion is to make sure we
> have exhausted all non-litiguous options.
> >How would you like it if your ISP shut you down because I
> >complained to them that you were sending out messages that
> >contained information that was publicly available, but which
> >I didn't want published? That's what Dean's really saying.
> No, its not what I'm saying. Would you object if I published a list of
> your servers which could be broken into, and said that it was OK with you
> to break into those systems? I think you would.
> But if you wouldn't mind, I'll be happy to have your permission to scan
> your net with SATAN and publish a web page for the script kiddies. What
> was that? You don't give me permission? I didn't think so.
> Plain Aviation, Inc email@example.com
> LAN/WAN/UNIX/NT/TCPIP http://www.av8.com
(+1 415) 585-3489 /San Francisco CA/