On Friday 31 October 2003 08:40 am, Tango Echo wrote: > --- Bryan Phinney <[EMAIL PROTECTED]> > > wrote: > > On Thursday 30 October 2003 10:24 am, Ralph Slooten > > wrote: > > > > With the tarpit, you rig your mail server to accept > > the connection attempt but > > then receive the traffic e v e r s o s > > l o w l y, > > What about the legal consequences of using a tar pit? > Seems I remember reading something about that several > months back... Or perhaps they were just questioning > it becuause the TP acted as some kind of DoS attack > (even tho they are connecting to you)? Maybe that's > been straightened out - does any one know?
I can't possibly see what kind of legal consequences could follow. Someone is connecting to your server voluntarily and using your resources. You are simply metering how slowly they can use those resources. Since your server is your property, you are certainly free to meter or throttle those resources as you see fit. I also wouldn't describe it as a DoS attack, more like a DoS defense and where you are providing the server, it is certainly within your purview to deny that service. You actually think that a spammer is going to take you to court and argue to the judge, "Your Honor, I was attempting to access a computer resource without proper authorization and it didn't respond as quickly as I would like. Could you please have the damages I am requesting delivered care of the Federal Correctional Facility that I am assigned to based on my admission to violating several Federal statutes for unauthorized computer access?" Worse case scenario is that the spammer tries to attack your system in some sort of bizarre revenge scheme, but given that it would be extraordinarily difficult for him to actually figure out that the server in question is an active tarpit, I don't think that this is very likely, not to mention the fact that any active server on the Internet is already subject to such attacks, whether they are tarpitting or not. There have been several cases of active honeypots that were used to monitor hacker behavior published, there are also several public projects to create SMTP honeypots, teer-grubes (tarpits), and honeynets to combat spammers. I have heard of no legal actions commenced as a result of these. You are much more likely to be sued for actively blocking mail using a DNS Blocklist than you are for running a SMTP honeypot or tarpit. If I had a static IP, I would be running one myself. I don't, so I can't. -- Bryan Phinney Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
