Date: Thu, 05 Apr 2001 17:38:49 +1000 From: Kal Torak <kaltorak@quake.com.au> To: William E Reid <wer@nomad.eng.cstone.net> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) Message-ID: <3ACC2109.1B1B8E46@quake.com.au> References: <Pine.BSF.4.21.0104050206380.48604-100000@nomad.eng.cstone.net>
next in thread | previous in thread | raw e-mail | index | archive | help
William E Reid wrote: > > Well, > > I would like to say a few things. > > I am not a security expert. I have opinions about how things > should be. We have updated bind on all our servers. That is what this > whole discussion was about. Was being the key word... we have since moved onto the broader topic of security on the net :) > I do think that one person can only do soo much. If you walk in > to administer a network you never know what you are going to get. It took > us a year to clean ours out. There are many things that can make things > complicated even for a guru genius. > > I do agree ( with Scott? ) that maintaining a couple dozen > machines is not hard. I am new to all this as well but love it and enjoy > the problems and open discussions. Its always good to get a chalange now and then! But if you only have a small network and you are pro-active on security you really shouldnt have any problems! There are a lot of bad admins out there, they whine about people cracking there servers, and while damaging someone elses systems is criminal and needs action to be taken, the admin also needs to realise its atleast 50% there fault! > I know everyone knows these things but since we are all talking > about it. Don't run services that are not needed on a given box. Don't > give your users shell accounts. If you hear of a complaint of some kid > from your network causing trouble.... call their parents ya-da ya-da... I prefer to deal with would be crackers personaly, there is no need to have police involved unless they really caused a lot of damage (eg. cost you in real terms, not made up figures). I have never had anyone gain root on any of my systems (I had nightmares about it tho :P) but if they did, and did not proceed to trash the system I would be quite happy not to get any authoritys envolved so long as they were willing to help me patch the hole they found... Most of the time when hackers become crackers, its out of curiosity and trying to explore and figure out how things work, I dont see any harm in this, and dont really consider it a crime... I becomes a crime when they are doing these things for financial gain or to cause financial loss / ruin... There are plenty of real criminals out there, there is no need to pick on curious little hackers just having a look around, figuring things out... Sure there are the lame little kids with the latest script looking to try it on something, and they are wrong to try and cuase damage, but they dont really know what there doing, why should they be punished like a real criminal? > I feel responsible whenever a user of mine has been caught being > bad. Educate people. Educate kids and kiddies and spread the > ethics. There are four machines that I have ever port scanned. All were > under my control... Educate people, and help them educate them selfs! There is no need to fire off mail to abuse@whereever because you see someone was running a port scan! Unless its comming from there system, in which case the ethical thing to do is warn them that there security may have been breached... > Lastly don't join too many lists because occasionally a thread > will come along that just takes up a lot of time. (But I enjoyed hearing > everyone thinking out about this one). Thats good advice :P > That's it. Nothing mind breaking.... all you guys were just tripping me > out. A lot of people dont see things this way, and we can twist words and compare computer systems to other things to try and make our points, but think about it... Are the punishments really fitting the crime? Is there really a need to react to half of these things? Laws wont solve security problems, they will how ever ruin poor kids lives that were just exploring and trying to learn... Be pro-active with security and give the kids a break eh? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ACC2109.1B1B8E46>