Hosting Provided By

Re: RPAT - Realtime Proxy Abuse Triangulation

From: Kevin Reardon <Kevin.Reardon(at)oracle.com>
Date: Fri Dec 27 2002 - 13:55:29 EST

Is not SNMP used to manage the Internet? I would think that queries on public would not be illegal at all. More like a passerby looking at the sign on the door. Breaking into the system into the read/write community might land you in the clink (or if somebody got rambunctious, in Cuba).

---K

Jay D. Dyson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 24 Dec 2002, Mathias Wegner wrote:
>
>

>>>I would be very nervous about running this, remote SNMP queries of
>>>someone elses system (say a .gov or .mil proxy) may be considered
>>>illegal activity in some jurisdictions.
>>>
>>Depending on the SNMP daemon, it would/should be as illegal as opening
>>an ssh investigating the system from the command line.  Most SNMP offers
>>at least some amount of configuration via the read/write community.  I
>>know that when I see SNMP queries on network hardware that I manage, I
>>consider it hostile activity. 
>>

> 

> 	Color me jaded, but if someone has an open proxy and spam is

> spewed my way via that avenue, it's a pretty fair bet that the system I'm
> scanning is run by an admin who -- whether through ignorance or sloth --
> doesn't know or do jack about securing or monitoring his system.
> Moreover, open is open; whether a relay, proxy or anonymous FTP server.
> It is impossible to be charged with breaking and entering when there's no
> breaking involved.
>
> With that in mind, I would not waste any time or energy worrying
> about whether or not my scan would be picked up. Let's face it, a spammer
> just spewed through the idiot's proxy. Yet we're supposed to believe that
> this otherwise lazy dope now possesses the Eagle Eye of All Intrusion
> Detection Systems? Maybe I'm just cynical, but I really doubt it.
>
> All that said, I should point out that I am not a lawyer. I
> prefer to make an honest living.
>
> - -Jay
>
> ( ( _______
> )) )) .-"There's always time for a good cup of coffee."-. >====<--.
> C|~~|C|~~| (>------ Jay D. Dyson - jdyson@treachery.net ------<) | = |-'
> `--' `--' `How about a 10-day waiting period on YOUR rights?' `------'
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (TreacherOS)
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
>
> iD8DBQE+DJooTqL/+mXtpucRAjy+AKCZ9eiSmvKyuSzZuNX9hbXTF9IDRACg4/gN
> 2Gs+0tVYEQqykUc+/AUgFBg=
> =/ofa
> -----END PGP SIGNATURE-----

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Dec 27 18:29:10 2002

This message: [ Message body ]
Next message: Roger Thompson: "Re: NIMDA - ceased ? -"
Previous message: H C: "RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
In reply to:(deleted message) Jay D. Dyson: "Re: RPAT - Realtime Proxy Abuse Triangulation"
In reply to Omar Herrera: "RE: Ip spoof from 0.0.0.0"
Next in thread: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"
Reply: Rob Shein: "RE: RPAT - Realtime Proxy Abuse Triangulation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:55 EDT