Re: RPAT - Realtime Proxy Abuse Triangulation
From: Gary Flynn (flynngn@jmu.edu)
Date: 12/28/02
- Previous message: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
- In reply to: Mathias Wegner: "Re: RPAT - Realtime Proxy Abuse Triangulation"
- Next in thread: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
- Reply: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 Dec 2002 09:46:55 -0500 From: Gary Flynn <flynngn@jmu.edu> To: Mathias Wegner <mwegner@cs.oberlin.edu>
Mathias Wegner wrote:
>>I would be very nervous about running this, remote SNMP queries of someone
>>elses system (say a .gov or .mil proxy) may be considered illegal activity
>>in some jurisdictions.
>>
>>
>
>Depending on the SNMP daemon, it would/should be as illegal as opening an ssh
>investigating the system from the command line. Most SNMP offers at least
>some amount of configuration via the read/write community. I know that when
>I see SNMP queries on network hardware that I manage, I consider it hostile
>activity.
>
>
On the other hand, if someone exposes an snmp server to the public
network with
a default community name, I'd say they're making it as accessible as an
anonymous ftp server, Microsoft C$ file share with no Administrator
password,
Kazaa share of entire hard drive, or telnet server with an account of
"root" and no
password. I would think it would be hard to prosecute someone in such a
case
when the service was made publicly available.
Not to say that incompetence is justification for criminal behavior but
how is someone
poking around the net to know which doors are left intentionally opened
and which
are stupid mistakes? If I'm driving down the road and see an
interesting, unmarked
driveway/road and go up it out of curiosity, am I breaking a law? Surely
the owners
of a service or road that don't want people in there should mark or
block it.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
- Previous message: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
- In reply to: Mathias Wegner: "Re: RPAT - Realtime Proxy Abuse Triangulation"
- Next in thread: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
- Reply: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
