Re: RPAT - Realtime Proxy Abuse Triangulation

From: Kevin Reardon (Kevin.Reardon@oracle.com)
Date: 12/27/02

    Date: Fri, 27 Dec 2002 10:55:29 -0800
    From: Kevin Reardon <Kevin.Reardon@oracle.com>
    To: Incidents List <incidents@securityfocus.com>
    
    

    Is not SNMP used to manage the Internet? I would think that queries on
    public would not be illegal at all. More like a passerby looking at the
    sign on the door. Breaking into the system into the read/write
    community might land you in the clink (or if somebody got rambunctious,
    in Cuba).

    ---K

    Jay D. Dyson wrote:

    > On Tue, 24 Dec 2002, Mathias Wegner wrote:
    >
    >
    >>>I would be very nervous about running this, remote SNMP queries of
    >>>someone else's system (say a .gov or .mil proxy) may be considered
    >>>illegal activity in some jurisdictions.
    >>>
    >>Depending on the SNMP daemon, it would/should be as illegal as opening
    >>an ssh investigating the system from the command line. Most SNMP offers
    >>at least some amount of configuration via the read/write community. I
    >>know that when I see SNMP queries on network hardware that I manage, I
    >>consider it hostile activity.
    >>
    >
    > Color me jaded, but if someone has an open proxy and spam is
    > spewed my way via that avenue, it's a pretty fair bet that the system I'm
    > scanning is run by an admin who -- whether through ignorance or sloth --
    > doesn't know or do jack about securing or monitoring his system.
    > Moreover, open is open; whether a relay, proxy or anonymous FTP server.
    > It is impossible to be charged with breaking and entering when there's no
    > breaking involved.
    >
    > With that in mind, I would not waste any time or energy worrying
    > about whether or not my scan would be picked up. Let's face it, a spammer
    > just spewed through the idiot's proxy. Yet we're supposed to believe that
    > this otherwise lazy dope now possesses the Eagle Eye of All Intrusion
    > Detection Systems? Maybe I'm just cynical, but I really doubt it.
    >
    > All that said, I should point out that I am not a lawyer. I
    > prefer to make an honest living.
    >
    > -Jay
    >
    > ( ( _______
    > )) )) .-"There's always time for a good cup of coffee."-. >====<--.
    > C|~~|C|~~| (>------ Jay D. Dyson - jdyson@treachery.net ------<) | = |-'
    > `--' `--' `How about a 10-day waiting period on YOUR rights?' `------'
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    >
