Your analog does not completely hold. Since may sites on the net offer
many different public access 'doors' it is not as clear cut for a 'member
of the public' to tell public from private. Assume you have a main street
that has several store fronts and you have a parking lot at the rear of the
stores along the main street. Now further assume some percentage of the
stores on the main street allow public access through the standard unmarked
back door as a convenience to the public. John Q Public walks up to a back
door and tries the knob, door is locked. Does the cop on the beat even
stop and question him? I doubt it. Same scenaro but no public access via
the parking lot, the guy gets questioned. Why, perceived/acceptable public
access may be different than publicised or conventional public access.
Same is true on the net. If I FTP/telnet to your host and claim that I
thought it had a server or I thought it was a differnet site, do I get
questioned more, no, perceived legit usage or honest mistake. If I do it
say 20 times in a week the ISP would most certainly cancel my account. Or
suppose I'm an end user and you log BGP route change requests from my
machine, do I get booted, sure.
It really comes down to potentially valid public use/mistake vs. obvious
abuse or access attempt. Very hard to write law for in a changing
environment (port 80 was 'private' a few years ago).
On Fri, 23 Jul 1999 14:41:35 -0400 Dave Thompson: Opined:
>In a place of business, there is a front door, and there is often a private
>back door. The front door is to be used by the public so they can come in
>and look around. They can rattle the doorknob to their hearts' content.
>
>The private door, however, isn't intended for public use. It's still
>accessible from the street, but just because it accesses the street doesn't
>mean it's intended for just anyone to use--nor is it intended for people to
>even come rattle the doorknob to see if it's open. Someone may come to open
>the door by mistake because he doesn't realize the door isn't for public
>use, but most people have enough sense about them to recognize which door
>they are meant to use.
>
>In this analogy, the front door is the Web site that is open to the
>public--and this is the only part of the system that's open to the public.
>The private door, however, is ftp, telnet, etc., which aren't meant for
>public use. (I know some sites grant public ftp and telnet--that's not my
>point. Stick to the analogy!) The private door accesses files and tools
>that were never meant to be used or even seen by the public. Just having a
>door doesn't give people permission to try to open it.
>
>Because the store owner has a public business, he certainly intends for
>customers to come in the front door. However, if someone sneaks in the back
>door, or if someone even is lurking around the back door, he would call the
>authorities if he's prudent. The back door was never intended for public
>use.
>
>Just because a guy has a front door in the Internet doesn't mean he is
>opening his whole "store" up for the public to come in any door and do as
>they please in his office in the back. Customers are meant to be able to
>rummage around the front part of the store--not the office in the back.
>
>Whether the intruder would be punished or not would depend on local laws.
>
>
>
>
Dana Nowell Home: mailto:[EMAIL PROTECTED]
Cornerstone Software Inc. Work: mailto:[EMAIL PROTECTED]
MIME attachments preferred, BINHEX and uuencoded acceptable.
The opinions above are free, remember you get what you pay for.
The company doesn't speak for me and I don't speak for them.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
