Is not SNMP used to manage the Internet? I would think that queries on public would not be illegal at all. More like a passerby looking at the sign on the door. Breaking into the system into the read/write community might land you in the clink (or if somebody got rambunctious, in Cuba). ---K Jay D. Dyson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 24 Dec 2002, Mathias Wegner wrote: > > >>>I would be very nervous about running this, remote SNMP queries of >>>someone elses system (say a .gov or .mil proxy) may be considered >>>illegal activity in some jurisdictions. >>> >>Depending on the SNMP daemon, it would/should be as illegal as opening >>an ssh investigating the system from the command line. Most SNMP offers >>at least some amount of configuration via the read/write community. I >>know that when I see SNMP queries on network hardware that I manage, I >>consider it hostile activity. >> > > Color me jaded, but if someone has an open proxy and spam is > spewed my way via that avenue, it's a pretty fair bet that the system I'm > scanning is run by an admin who -- whether through ignorance or sloth -- > doesn't know or do jack about securing or monitoring his system. > Moreover, open is open; whether a relay, proxy or anonymous FTP server. > It is impossible to be charged with breaking and entering when there's no > breaking involved. > > With that in mind, I would not waste any time or energy worrying > about whether or not my scan would be picked up. Let's face it, a spammer > just spewed through the idiot's proxy. Yet we're supposed to believe that > this otherwise lazy dope now possesses the Eagle Eye of All Intrusion > Detection Systems? Maybe I'm just cynical, but I really doubt it. > > All that said, I should point out that I am not a lawyer. I > prefer to make an honest living. > > - -Jay > > ( ( _______ > )) )) .-"There's always time for a good cup of coffee."-. >====<--. > C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) | = |-' > `--' `--' `How about a 10-day waiting period on YOUR rights?' `------' > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (TreacherOS) > Comment: See http://www.treachery.net/~jdyson/ for current keys. > > iD8DBQE+DJooTqL/+mXtpucRAjy+AKCZ9eiSmvKyuSzZuNX9hbXTF9IDRACg4/gN > 2Gs+0tVYEQqykUc+/AUgFBg= > =/ofa > -----END PGP SIGNATURE----- > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 15:42:30 PST