On Thu, 16 Aug 2001, Bernie wrote:
> Steve wrote:
> >
> > No matter what the rationale, or what your good
> >intentions, the act of adding, subtracting or
> >modifying files on any system without authorization
> >is the "test" for illegality.
>
> Correct legal stand. Still, if you set something up that will automatically
> react on such traffic to port 80 and respond to it by shutting the culprit
> down one can always claim that it was in self-defense. Ah, to have the time
> and connection to actually do that ;-)
For some reason, this is discussed much more on
alt.os.linux.security than on microsoft.public.inetserver.iis
If you're running Linux, then you have no fear of
infection. You can therefore not claim self-defense
because you know no harm can come to you. This would
also be true if you were running a patched NT machine.
> Another option would be to list the server on a webpage for companies that
> clearly are ignorant about security.
There is such a site. Unfortunately, I don't have
the uRL at hand... and I get so sidetracked when I go
looking. ;-)
> The load of traffic to a common server
> for this would probably be too much if many did it, but it would be kind of
> nice to clearly indicate which servers are badly maintained.
When i run across it again, I'll let you know.
- Steve
