On Mon, Oct 01, 2001 at 08:52:06PM -0400, Benjamin Scott wrote:
> On Mon, 1 Oct 2001, Derek D. Martin wrote:
> > ... and the affected site should be able to replace the trashed web
> > server in about 15 minutes, IF they notice it's been trashed, and IF
> > they have a proper disaster recovery plan.
>
> There is no way you are going to recover from a security compromise in 15
> minutes, Derek. Come on. You of all people should know that.

O.k., fair enough. But what am I really saying here? I'm saying that the vast majority of attacks on people's systems just can't qualify as terrorism. Why? Well, first of all because there's just no terror involved. They're attacks on inanimate objects, or on corporate entities, in most cases. Neither of which are capable of being terrified. Secondly because in the vast majority of cases, even when the attacks succeed, the real damage is almost nonexistent. Yes, there have been a few high-profile exceptions to that rule recently, ILOVEYOU and Code Red, and what have you. Those specific incidents I think could qualify as terrorism, owing to the scale of the attack and the damage it caused. But as YOU well know, most attacks don't fall into that category.

Most of these attacks we see really don't warrant more than a few hours of attention, even in the case of a root compromise (re-install OS, restore from back-up, patch the hole that was easy to find because the script kiddie couldn't cover his tracks).

This bill seeks to put "unauthorized access" of computers, which some courts have held includes such things as a ping sweep, in the same category as driving a jet plane into a skyscraper. I think this is preposterous, and I think you would agree with me.

Perhaps I said it badly the first (few) time(s), but that's what I'm trying to get at here.

> I am not saying the ill-conceived, reactionary measures under
> discussion in Congress are justified. I believe they are not. But
> the fact of the matter is, comparing a network security compromise
> to a kid throwing a brick through a window is just not reasonable,
> either.

Well, I think you have to take it on a case by case basis. I believe that most "intrusions" are little more serious than that, though certainly some are. Again, especially remembering that DoJ and/or the courts include such things as nmap scans in their definition of intrusions...

-- 
---------------------------------------------------
Derek Martin          |   Unix/Linux geek
[EMAIL PROTECTED]    |   GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
