RE: CRIME Senator Hatch - Destroy file swappers' computers

From: Christiansen, John (SEA) (JohnC@private)
Date: Thu Jun 19 2003 - 11:41:46 PDT

  • Next message: Crispin Cowan: "Re: CRIME Senator Hatch - Destroy file swappers' computers"

    If the ISP is responsive and the rules of engagement say you don't escalate
    if the ISP is responsive, then hacking back isn't legit. But that doesn't
    suggest you should avoid figuring out what the rules should be - seems to me
    it suggests you should figure out the rules. We didn't have this one before,
    did we? But now we have a consensus on this point. So all we need to do is
    make sure sysadmins are appropriately responsive and the rules around
    escalation become moot. So, following this alternative branch, what are the
    rules for sysadmin responsiveness? In other words, when can I hold an ISP
    liable for failing to cut off hostile activity?    
    
    -----Original Message-----
    From: Crispin Cowan [mailto:crispin@private]
    Sent: Thursday, June 19, 2003 11:30 AM
    To: Christiansen, John (SEA)
    Cc: crime@private
    Subject: Re: CRIME Senator Hatch - Destroy file swappers' computers
    
    
    Christiansen, John (SEA) wrote:
    
    >2. Technical contacts should be attempted as one of the first lines of
    >action. If they are responsive that ought to fix the problem. But
    experience
    >teaches they aren't always responsive, so what to do then? This is where
    >"rules of engagement" might specify, for example, that you cannot
    >legitimately escalate to self-help without trying this route first, and
    >having it fail.
    >
    I submit that these problems can *always* be solved by technical means 
    without having to "hack back". Regardless of where the attacking machine 
    is, there is always a responsive ISP between the attacker and you. You 
    ask that ISP to block the attacker's traffic.
    
    In the limit, that ISP is your own ISP. But it still works.
    
    One step beyond the limit is where the attacking machine is inside your 
    own domain. At this point it is a management problem.
    
    Hacking back is never appropriate, unless we're talking nation states at 
    war.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
    



    This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 12:12:09 PDT