On Friday 31 October 2003 08:40 am, Tango Echo wrote:
> --- Bryan Phinney <[EMAIL PROTECTED]>
>
> wrote:
> > On Thursday 30 October 2003 10:24 am, Ralph Slooten
> > wrote:
> >
> > With the tarpit, you rig your mail server to accept
> > the connection attempt but
> > then receive the traffic e  v   e   r     s  o    s
> >   l   o   w   l   y,
>
> What about the legal consequences of using a tar pit?
> Seems I remember reading something about that several
> months back... Or perhaps they were just questioning
> it becuause the TP acted as some kind of DoS attack
> (even tho they are connecting to you)?  Maybe that's
> been straightened out - does any one know?

I can't possibly see what kind of legal consequences could follow.  Someone is 
connecting to your server voluntarily and using your resources.  You are 
simply metering how slowly they can use those resources.  Since your server 
is your property, you are certainly free to meter or throttle those resources 
as you see fit.  I also wouldn't describe it as a DoS attack, more like a DoS 
defense and where you are providing the server, it is certainly within your 
purview to deny that service.

You actually think that a spammer is going to take you to court and argue to 
the judge, "Your Honor, I was attempting to access a computer resource 
without proper authorization and it didn't respond as quickly as I would 
like.  Could you please have the damages I am requesting delivered care of 
the Federal Correctional Facility that I am assigned to based on my admission 
to violating several Federal statutes for unauthorized computer access?"

Worse case scenario is that the spammer tries to attack your system in some 
sort of bizarre revenge scheme, but given that it would be extraordinarily 
difficult for him to actually figure out that the server in question is an 
active tarpit, I don't think that this is very likely, not to mention the 
fact that any active server on the Internet is already subject to such 
attacks, whether they are tarpitting or not.

There have been several cases of active honeypots that were used to monitor 
hacker behavior published, there are also several public projects to create 
SMTP honeypots, teer-grubes (tarpits), and honeynets to combat spammers.  I 
have heard of no legal actions commenced as a result of these.  You are much 
more likely to be sued for actively blocking mail using a DNS Blocklist than 
you are for running a SMTP honeypot or tarpit.

If I had a static IP, I would be running one myself.  I don't, so I can't.

-- 
Bryan Phinney
Software Test Engineer


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to