[lug] DOS attack

Nate Duehr nate at natetech.com
Tue Feb 6 19:02:35 MST 2001 

Not that it's not changing every day, but does anyone have any links to good 
references to current laws specifically dealing with the Internet?  Specific 
stuff related to security would be most interesting.

I've read through a number of statutes and what Scott mentioned is definitely 
happening.  Don't secure your system, expect to see a lawsuit in proportion to 
your bandwidth size in the event you are used as a jumping off point for a DoS 
or DDoS attack.  It falls under the negligence clauses which can be hard to 
prove, but it *can* happen.

And if the FBI shows up at the door with a warrant to take all of your machines 
at your place of business away as evidence in the case -- which has happened -- 
and puts you out of business doing so -- which has also happened -- or even 
takes your personal machines at home -- also has happened -- they don't really 
seem to be in much of a hurry to return them.  Read: Years.

The moral of the story, make a concerned effort to secure ALL machines you put 
on a public IP address.  If you don't, and it's used as an attacking machine 
against someone else, you may be liable for damages.  Only time will tell how 
this shakes down in the court system.

Now I wish SANS or someone else would do a decent training track on Internet 
Legal issues as they relate to security... that would be nice.

p.s. Scott, why not register interact.tv instead of interact-tv.com?  :)  Give 
NSI some money, man.  They LOVE it.  (BIG GRIN)

Quoting "Scott A. Herod" <herod at interact-tv.com>:

> Hello,
> 
> Speaking of DOS attacks, in one of the articles about the recent
> MS attack it was suggested that people whose machines are hijacked
> and then used for DDoS attacks should be held liable for damages.
> 
> 
<http://www.cnn.com/2001/TECH/computing/01/29/security.hackers.reut/index.html>
> ( last couple of paragraphs )
> 
> I find that idea a bit disconcerting but it is somewhat like regulations
> requiring you to keep firearms locked up in your home.  ( Of course
> getting
> a gun safe is a lot easier than trying to figure out how to set up and
> maintain
> an ipchains firewall. )
> 
> Scott

<Snipped D.S.'s comments about his ISP and DoS attacks...>

--
Nate Duehr, nate at natetech.com

More information about the LUG mailing list