From ???@??? Sun Jan 09 17:51:38 2000
To: "Susan R. Harris" <srh@merit.edu>
From: Dean Anderson <dean@av8.com>
Subject: Re: Netgate.net.nz/ORBS spam colusion
Cc: nanog-support@merit.edu

I'm sorry, I was looking to get opinions on how to deal with an operational
problem we are having with another operator, short of legal action. I stated
that I was looking for non-litigious options in my first post. Some people have
suggested using legal action, or a lack of legal recourse, and I have only noted
our current information for the benefit of those people.

--Dean

Around 01:47 PM 1/9/2000 -0500, rumor has it that Susan R. Harris said:
>Hello Dean: Posts of a political, legal or philosophical nature are not
>appropriate for the NANOG email list. In specific, the current thread on
>"Netgate.net.nz/ORBS spam colusion" is almost certainly more appropriate
>for other mailing lists, including:
>
> inet-access@earth.com
> com-priv@lists.psi.com
> SPAM-L (LISTSERV@PEACH.EASE.LSOFT.COM)
> spamtools@abuse.net
>
>Please see the NANOG email list AUP for more information:
>
> http://www.nanog.org/aup.html
>
>We ask for your cooperation in maintaining the technical, engineering
>content of the NANOG mailing list.
>-------------------------------------------------------------------------
>Susan R. Harris, Ph.D. Merit Network, Inc. Phone: 734.936.2100
>Senior Science Writer Univ. of Michigan Fax: 734.647.3185
>-------------------------------------------------------------------------
>
>On Sat, 8 Jan 2000, Dean Anderson wrote:
>
>>
>> Around 08:14 AM 1/8/2000 -0800, rumor has it that Owen DeLong said:
>> >
>> >
>> >However, I must question whether the activity Dean discusses is actually
>> >criminal. He does not accuse them of carrying out the attacks, he
>> >accuses them of transporting information published by a third party
>> >which notifies the world that his site is vulnerable to these attacks.
>>
>> Umm, for the record, I do make such an accusation. When they probe a
>> non-public government computer, they are violating 18 USC 1030 Sections
>> 2(b), 2(c), and 3. Those are criminal violations. You simply may not
>> probe government computers. Doing so is immediately a crime. The $5000
>> limit is only for non-government computers.
>>
>> Then they do other things, some of which are criminal (fraud is criminal),
>> and some of which may not be.
>>
>> >Since Dean has published information to NANOG and other public forums
>> >stating that:
>> > 1. His sites _ARE_ vulnerable.
>>
>> My customer shell servers' telnet sessions are vulnerable to password
>> theft, and password guessing. So are yours. So what?
>>
>> > 2. He has no willingness to fix these vulnerabilities.
>>
>> There isn't any way to fix them. There may be a protocol extension in the
>> future, but it's not here yet. I've been through this with 50 people in the
>> last 6 months. That doesn't permit others to exploit them.
>>
>> > 3. He intends to make the internet at large responsible
>> > for his negligence WRT these sites.
>>
>> We have no negligence. And we do not hold the internet at large
>> responsible. Just those that exploit protocol vulnerabilities, and those who
>> assist with the exploitation. If your customer commits crimes, and you
>> don't do anything about it after complaints are made, I expect that you
>> bear responsibility and liability.
>>
>> >I seriously doubt that publishing a list of known public-nuisances
>> >is genuinely illegal. Further, unless Dean has presented netgate
>> >with a court-order showing that the court has indeed found said
>> >activity to be illegal, I think they would be negligent in turning
>> >off said service.
>>
>> So publishing a list of sites which have vulnerabilities detected by SATAN
>> scans wouldn't be illegal? That's what you are saying.
>>
>> As far as court orders go, the point of this discussion is to make sure we
>> have exhausted all non-litigious options.
>>
>> >How would you like it if your ISP shut you down because I
>> >complained to them that you were sending out messages that
>> >contained information that was publicly available, but which
>> >I didn't want published? That's what Dean's really saying.
>>
>> No, it's not what I'm saying. Would you object if I published a list of
>> your servers which could be broken into, and said that it was OK with you
>> to break into those systems? I think you would.
>>
>> But if you wouldn't mind, I'll be happy to have your permission to scan
>> your net with SATAN and publish a web page for the script kiddies. What
>> was that? You don't give me permission? I didn't think so.
>>
>>
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> Plain Aviation, Inc dean@av8.com
>> LAN/WAN/UNIX/NT/TCPIP http://www.av8.com
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>>
>
>