Thanks for the reference. I'd forgotten about that small bit of panic. It's nice to live in a liberal democracy. I think that's an overstatement of the summary presented in the article referenced. "Possibly illegal" is the strongest you can get from it. Having said that, I'm fairly safe unless the CIA has taken to using extraordinary rendition for misdemeanours (fewer than 10 exposed gateways / firewalls) or to arresting relatives! It's not clear that LaBrea is any more active than portsentry. As I understand it, all it does is to not complete the connection set-up exchange, but keep sending "wait-a-bit" responses as it has no resources to respond properly. Sounds fair enough to me. I don't allocate resources to opening non-invited connections. It's no more offensive than trying to see how long you can keep politicians talking on the doorstep, keeping phone salesmen talking, or posting unrequested free offers back to the sender without postage attached. I do all of those as well. _____ From: Jaime Santos [mailto:jesantos@alexandre-santos.com] Sent: Monday, December 12, 2005 6:24 PM To: Admin; suse-security@suse.com Subject: Re: [suse-security] Openssh + security Hi, Hmm, not just irresponsible, but also illegal in the US, so watch out if you are travelling there ;-). I heard the conditions in US prisons are not particularly pleasant :-) ... Check this (somewhat outdated) article on the LaBrea tool: http://seclists.org/lists/isn/2003/Apr/0103.html I would tend to say that any passive countermeasures (such as a porsentry like tool) are okay, any active countermeasures are a bad idea, or at least you are in swampy territory here... Best, Jaime.