Re: A question for the list...

From: De Velopment (devel_at_www2.kparker.org)
Date: 05/18/03

  • Next message: Shawn Duffy: "RE: Scans from proxyprotector.com" 
    Date: Sat, 17 May 2003 22:07:47 -0700 (PDT)
To: Incidents <incidents@securityfocus.com>

    On Fri, 16 May 2003, Dan Hanson wrote (in part):

    > At last year's Blackhat conference in Las Vegas, Tim Mullen presented what
    > turned out to be a very controversial proposal. Briefly, he questioned why
    > it would be inappropriate to strike back and disable (if not remove) a
    > worm from hosts that are clearly not being adequately managed.

    It is interesting that this sounds similar to me to proposals by the
    RIAA to allow them to legally "strike out", hack into the networks
    of companies, and remove allegedly copyrighted files from machines
    who may have advertised them on Peer-to-peer networks.

    And I'll BET you that we'll have inquiries in the Incidents list
    if the computers owned by the RIAA try such a thing.

    But to get more directly to the inquiry at hand, I've wondered
    if it could be considered "self defense" if, say, a web server
    who just received the Nimda packet for, say, "cmd.exe" sent an
    immediate signal right back, telling the offending machine
    to shut itself down? And this being considered different from
    someone going through his/her logs after the fact and sending
    a counter-attack at that point? (One problem with the latter
    approach is some of the IP addresses may have been reassigned).

    Good luck on your inquiry and best regards,

    Ken Parker

    ----------------------------------------------------------------------------
    *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    Just like wired networks, wireless LANs require network security policies
    that are enforced to protect WLANs from known vulnerabilities and threats.
    Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

    To get your FREE white paper visit us at:
    http://www.securityfocus.com/AirDefense-incidents
    ----------------------------------------------------------------------------

  • Next message: Shawn Duffy: "RE: Scans from proxyprotector.com"

    Relevant Pages

    • RE: A question for the list...
      ... lower than a level you'd need to launch a counter attack. ... On the Internet, a packet must pass through many networks, and ... misses and takes down an unintended host or router, ... > that are enforced to protect WLANs from known vulnerabilities and threats. ...
      (Incidents)
    • Re: Writers Vote to Strike
      ... What a Writers' Strike Means for Us ... TV networks and movie studios are engaged in the programming ... The major U.S. networks may look more like ...
      (alt.fan.letterman)
    • Re: A question for the list...
      ... lower than a level you'd need to launch a counter attack. ... On the Internet, a packet must pass through many networks, and ... misses and takes down an unintended host or router, ... > that are enforced to protect WLANs from known vulnerabilities and threats. ...
      (Incidents)
    • TV viewership still down in wake of 100-day writers strike
      ... although it's hard to tell how much the strike is to ... ABC, CBS, Fox and NBC had nearly 9 percent fewer viewers in April and May so ... Yet viewership declines are sadly typical for the big networks. ...
      (rec.arts.tv)
    • Re: A question for the list...
      ... Just like wired networks, wireless LANs require network security policies ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)