On Wed, Oct 18, 2000 at 12:28 +0200, bolo@lupa.de wrote:
Hi,
In this context I thought about some kind of early warning system for responsible sysadmins like the bugtraq list for security vulnerabilites; what do you folks think, is it possible to set up some kind of mailing list or newsgroup where data about insecure/offensive networks can be posted and/or commented?
I don't think that a possible thing. Not that I'd say it's not useful but you may runin legal trouble with such a list. Imagine someone tells "the public" your network is malicious/insecure/ offensive, would you like that? Or wouldn't you sue the author? (no offence meant!) I think a bug in some software is a thing you can verify, an attack is not possible to verify in a similar manner. If you aren't the victim you usually don't even recognize an attack. But such a list would be usefull though. IMHO Greetings Volker
Boris ---
On 17-Oct-00 Michael Weiser wrote:
Hello,
I'm administering some Linux machines permanently connected to the internet which I'm trying to protect reasonably. Therefore I disable unneeded services, keep software up-to-date, run a packet filtering firewall and use a intrusion detection and protection tool (snort).
But the number of ping-, version- and portscans increases every day, which makes me want to react more actively. Of course it'd be stupid to attack the attacker myself but I'd like to at least notify the administrators of the malicious users/customers of what's going on so that they (can) stop it.
No problem so far but unfortunately a lot of sysadmins don't seem to feel responsible until someone sues them. Therefore I'd like to send out a carefully researched mail filled with some paragraphs to make 'em think. But since I'm a complete idiot at legal issues I don't want to do it myself and prefer some already better done work of someone who knows what she is speaking about. :)
So my (frequently asked, I fear) question is: Can someone help me out with such a text, some facts or a starting point for a search? I'd especially be interested in German and American law since I and the machines in question are situated in Germany and most attacks come from American networks. [...]
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--
The main failure in computers is usually between keyboard
and chair. (unknown)
Volker Tanner