Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG? Solutions?

On Fri, 10 Aug 2001, Etaoin Shrdlu wrote ( sanitized by z@s0be.net ):

> I think an interesting solution to this problem, no matter how
> unethical, would be to write a program that leverages the vulnerability to
> patch the infected machine. In fact, it surprises me that this hasn't
> been done.

It's illegal. Really. What's the difference between someone breaking into
my machine and destroying stuff, and someone breaking into, say,
x.x.x.x., and "fixing" it? None. It's illegal. And yes, I HATE the
machine that is on the other end of that IP. It is apparently installed
with either Mandarin or Cantonese, which means that it bothers me a LOT
when it bothers me.

It's a poorly configured win2k machine, with no proper reverse entry
(although I know it belongs to OWNER_OF_x.x.x.x). Looking isn't
illegal. I've even connected to his smtp server (but not bothered to send
mail, since vrfy doesn't really guarantee that someone is there, and I have
no evidence that he'd read email sent to administrator in any case). Sad,

It's still illegal. Yes, it'd probably be a kindness. It's still illegal.

<--( SNIP )-->


   I'm in agreement that it is illegal as well, however it does
raise an interesting issue: Under what terms, if any, should various
parties whose infrastructure is under some form of attack be able to
defend themselves and what is the extent of that defense for a given

  I think that due diligence should be carried out in any situation, to
give someone the chance to stop ( in most situations ), but where do you
draw the line?

  NOTE: I'm not exactly condoning counterattacks, but I think in certain
situations I could definitely justify it in my mind if someone were to
take that course of action after exhausting their options for resolving a
situation in which they are under some form of attack.