Hi, On 23 Sep 2001, at 1:49, Kurt Seifried wrote:
While there are laws regarding things like home intruders and the use of deadly force for example in some countries there are no laws AFAIK making it ok to attack people back online. IF you know of laws allowing such behaviour in a country I would love to know about it.
actually you must assume, that the owner of the attacking machine is not aware of it but a victim himself. If he did it on purpose, a back- attack could be seen as selfdefense, but it is hardly possible to proof that at court. Some cable providers here in Austria cut down customers access because they were (believed) infected by code red, actually we have no judication by now, if that was legal or not. I got such warnings too and I have only a NetBSD box without any server daemons running connected, and a friend of mine with a win98 box without servers was actually cut off! So you can be shure these machines were not infected. But with such unprecise laws people are not likely to take this to court. BUT: If i correctly understood the technology behind the system, all you do is to keep hold of the attacker. If his system crashes it is for a bad implemented TCP/IP stack. I would see this like someone wants to send you a fax to your (vice) telephone line and you pick up the phone, and do not hang up anymore. He has to pay the telephone cost. And I do not think there are laws that prohibt that. Simplified the program says: "Hi, I am here, please send only very small packets" and then does not answer anymore until his TCP/IP stack times out or crashes (whatever happens first). mike