Date: Mon, 20 Aug 2001 15:53:03 -0400 From: Bill Moran <wmoran@iowna.com> Cc: Tim Erlin <tperlin@yahoo.com>, freebsd-questions@FreeBSD.ORG Subject: Re: Code Red Message-ID: <3B816A9F.2EB834BE@iowna.com> References: <20010820163305.60779.qmail@web11706.mail.yahoo.com> <01082021311403.04869@pcmarpxy.tninet.se>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Rowlands wrote: > > On Monday 20 August 2001 18:33, Tim Erlin wrote: > > Doesn't Code Red leave a backdoor open on the servers > > it's infected? Anyone explored ways to respond to the > > http requests that shutdown IIS on the offending > > server? What would the legal implications of doing so > > be -- self-defense? > > > > no no no! don't go there my friend, it is almost certainly illegal in almost > every jurisdiction in the world. (even if superficially attractive). Just > think of when you inadvertently crash some .com's commerce server. > Gonna be a nice fat lawsuit there. I wasn't going to comment, but I guess I will ... Mark is 100% right. Your best bet is to take the following steps in order: 1) build a firewall rule to block the server 2) contact the server admin and complain 3) if they don't do anything in a reasonable amount of time. Have your company lawyer contact them. 4) sue if necessary Sounds like a lot of work? It is. But if I had goofed and one of my servers had been compromised, I _would_ sue if someone crashed me without at least notifying me first. Imagine the neighbor's dog is barking at night and keeping you awake, so you shoot the dog. Do you think you're going to be held liable? Sure thing. You're much better off complaining until something is done about it. More work? Yes. But that's life, I guess. That self-defense thing only works if someone has endangered your life. You can't claim self-defense when you shoot the dog - I doubt it will work with a server. As usual, I'm not a lawyer so my opinions offically mean nothing. If you question my judgement, you should contact a real lawyer before taking action. I'm not responsible for anything done based on my advice. No purchase necessary. Void where prohibited. Contest ends January 1, 1900. -Bill -- "Where's the robot to pat you on the back?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B816A9F.2EB834BE>