I've heard views as extreme as hack'em back. If you feel that malicious
intent exists, possibly evidenced by repeated or escalating probes, I would
track down the source of the probes and contact the respective ISP(s). This
can be VERY difficult. If action isn't taken by the ISP(s) try the legal
route. If that doesn't work, start blocking traffic at the router or
firewall. If the situation doesn't allow you to be patient then skip
straight to the blocking solution. Unfortunately, this may also block
legitimate traffic. To be honest though, most ISP's will not take action if
all you can show is that a user performed a port scan but, no further
action. Simple port scans are not prosecutable, and shouldn't be in my
opinion. It can be argued as an enumeration of services, whatever, but,
presently the law on such issues is still very flimsy and dangerous. I say
dangerous because the rules are still being ironed out and the people who
yell the loudest, and get the most attention from politicians, are big
businesses which don't really give a damn about personal freedoms on the
Net, only making a profit. As we saw after the recent batch of DoS attacks,
reactionary measures by uneducated people prevail. This is VERY dangerous.
To further explain my "I don't think port scans should be prosecutable"
remark ...
I feel this way because to make such action illegal would provide a
precedent for more extreme measures which are very undesirable. To use the
previously popular analogy, you don't want someone walking down your hallway
rattling every doorknob in an attempt to break in but, I'd guess you'd be
even more pissed if every time you walked down any hallway some goon in a
dark suite and sunglasses hassled you about your intent.
Steve
-----Original Message-----
From: John N Westerlund [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 06, 2000 11:35 AM
To: [EMAIL PROTECTED]
Subject: Re: Security holes revisited
Kind of makes you wonder, if its legal to shoot someone trespassing on your
property, then what is the electronic equivalent? <g>
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
