[lug] DOS attack
Nate Duehr
nate at natetech.com
Tue Feb 6 19:02:35 MST 2001
Not that it's not changing every day, but does anyone have any links to good
references to current laws specifically dealing with the Internet? Specific
stuff related to security would be most interesting.
I've read through a number of statutes and what Scott mentioned is definitely
happening. Don't secure your system, expect to see a lawsuit in proportion to
your bandwidth size in the event you are used as a jumping off point for a DoS
or DDoS attack. It falls under the negligence clauses which can be hard to
prove, but it *can* happen.
And if the FBI shows up at the door with a warrant to take all of your machines
at your place of business away as evidence in the case -- which has happened --
and puts you out of business doing so -- which has also happened -- or even
takes your personal machines at home -- also has happened -- they don't really
seem to be in much of a hurry to return them. Read: Years.
The moral of the story, make a concerned effort to secure ALL machines you put
on a public IP address. If you don't, and it's used as an attacking machine
against someone else, you may be liable for damages. Only time will tell how
this shakes down in the court system.
Now I wish SANS or someone else would do a decent training track on Internet
Legal issues as they relate to security... that would be nice.
p.s. Scott, why not register interact.tv instead of interact-tv.com? :) Give
NSI some money, man. They LOVE it. (BIG GRIN)
Quoting "Scott A. Herod" <herod at interact-tv.com>:
> Hello,
>
> Speaking of DOS attacks, in one of the articles about the recent
> MS attack it was suggested that people whose machines are hijacked
> and then used for DDoS attacks should be held liable for damages.
>
>
<http://www.cnn.com/2001/TECH/computing/01/29/security.hackers.reut/index.html>
> ( last couple of paragraphs )
>
> I find that idea a bit disconcerting but it is somewhat like regulations
> requiring you to keep firearms locked up in your home. ( Of course
> getting
> a gun safe is a lot easier than trying to figure out how to set up and
> maintain
> an ipchains firewall. )
>
> Scott
<Snipped D.S.'s comments about his ISP and DoS attacks...>
--
Nate Duehr, nate at natetech.com
More information about the LUG
mailing list