What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation

From: Gary Flynn (flynngnat_private)
Date: Tue Dec 31 2002 - 05:20:58 PST


    Rob Shein wrote:
    
    >This is fundamentally flawed logic.  To cite a physical-world
    >equivalent, just because a door isn't locked doesn't make entering it
    >against the wishes of the occupant anything other than breaking and
    >entering, plus unlawful entry if you have illegal intent upon entering.
    >The law does not recognize that failure to properly defend against
    >criminal behavior means that you surrender all the protective means
    >afforded by the criminal justice system.
    >
    So which doors are people permitted to enter without explicit permission?
    HTTP server doors? ICMP echo server doors? Remote Procedure Call
    doors? Universal Plug-n-Play doors? Auth (113) doors? Netbios doors?
    Server Location Protocol doors?
    
    Or is it more complicated? Netbios doors as long as it's not C$? Kazaa
    doors as long as it's not at the root directory?
    
    What if an organization wants to make SNMP read access available
    for some reason, whether for network performance information or
    an SNMP coffee pot status?
    
    Intent is easily provided in telnet and web sessions through common user
    interfaces with login banners, but that is not the case for other protocols.
    
    Maybe we need a new RFC governing "intent notification" so that all
    servers offering services to a network will state whether the server is
    meant for public use during session negotiation. A virtual "private
    property - no trespassing" sign. Cooperating client programs accessing a
    "private" server would require a user to acknowledge access the first time
    through a pop-up window or other means.
    
    Of course, if vendors made the default for every service "public" to
    promote ease of use, it wouldn't do much good.
    
    (Forgive the HTML mail if it comes through that way. I'm at home
    and wrestling with new browsers/mail clients.)
    
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:52:19 PST