I can't believe anyone honestly considers a "counter-attack" worm the same as self-defense. Deadly force, or otherwise normally illegal amounts of force, is justified only in defense of your life, or the lives of others, your physical well-being, or the physical well-being of others. Defense is something done to prevent something from happening; retaliation is something done in response to a previous act. Furthermore, from what I gather, it's not even retaliatory, it's pre-emptive, being an automated worm like CR.

In any case, it is illegal, and rather morally and ethically suspect. Releasing yet another worm that attempts unauthorized access to someone's machine, and then runs code on it, is illegal.

Look at it this way: Say someone does this counter-worm for telnetd buffer overflows, and you have a black box on your network that can only be accessed via telnet (say a printer, or router, or so forth) and it is BSD based, and now you have two worms to worry about, for your boss to ask why it wasn't fixed, etc.

There are less painful ways to let people know, and if they still don't respond, they'll get hammered by all the malicious code that is already out there. No need to add to the mess.

Imagine what the internet (as a community of network and systems and their admins) would be like if everyone did this. Ugly, isn't it?

Just my opinion, and since I just had my appendix out yesterday, I am rather heavily medicated. So please pardon the typos and other little errors.

- John

-----Original Message-----
From: Jay D. Dyson [mailto:jdysonat_private]
Sent: Thursday, September 06, 2001 5:31 PM
To: Vuln-Dev List
Subject: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

On Thu, 6 Sep 2001, abel wrote:

> If someone threatens me with a gun, according to the laws of most
> countries, I am allowed to defend myself, even if it is by blowing his
> head off with a bigger gun.

True, but the law does not afford you the latitude to shoot said offender in the back. And regardless of the justification for the counterattack in such cases, you can bet you'll be spending a good deal of time and money defending yourself before a Grand Jury.

The same is true in cases of digital counterattack. Sure, you'll feel like you're "doing something" and all that, but don't act surprised when the boys at the Bureau cast the Great Hairy Eyeball your way. You may feel yourself totally absolved of wrong, but don't count on anyone at any LEA feeling the same way. Sure, there are clear-cut cases of defense, but this isn't one of them.

> Why would we look upon the idea of a "code-green" variant, whichever it
> will be as "immoral" and "unethical"?

I don't. I instead look on it as wholly inadvisable. The mother of these sorts of inventions isn't necessity; it's frustration. Sure, I understand the angst of seeing one's systems repeatedly scanned by the Win2K box down the pipe, but that doesn't mean it's a Good Idea(tm) to break into that box and have it rattle off unauthorized activities against other systems (which is essentially what Code Red *and* Code Green do).

> If your son decides to have unprotected sex at age 15, do you hand him a
> condom and explain why he should use it, despite the fact that he is
> legally too young? Or do you let him do whatever he had planned and run
> the risk of catching another sort of virus?

That analogy is grossly flawed. Try another one. Peer systems on the 'net aren't even remotely the digital equivalent of your children.

-Jay

   (    (                                                          _______
   ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
 C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    = |-'
  `--' `--'  `--- Failure is never as devastating as regret. ---'  `------'
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 23:06:28 PDT