Hi,
I had the same problem with reporting hack-, DoS- or spam attempts to sysadmins of offending networks - most of them didn't even reply, so in most cases I had to stop all network activity from/to the corresponding networks in order to protect our users and my mind from going crazy; this just cures the immediate attacks but it's useless against the real black hats.
This may lead to the conclusion that some admins just don't know (and don't *want* to know) anything about network security in general. Often there are ambitious employees with autodidactic knowledge who are going to be assigned to manage huge networks. In this process they are so deeply covered with problems that they just do not have the nerve to care about security; they just hope that nobody attacks their systems and carry on solving their petty problems.
I once had a chat with a bunch of lawyers about this problem where we discussed certain ways of proper reaction against "immutable" sysadmins, but soon we agreed that suing these people or threatening them with mails filled with excerpts from certain laws wouldn't do any good; a slightly mistyped or misinterpreted paragraph of such a mail may lead to more legal trouble for yourself than your mail to the sysadmin could provoke in his company, even more if the offending network is based in another country than you are; legislation and the law is quite a complex thing to deal with.
In this context I thought about some kind of early warning system for responsible sysadmins like the bugtraq list for security vulnerabilities; what do you folks think, is it possible to set up some kind of mailing list or newsgroup where data about insecure/offensive networks can be posted and/or commented?
Boris
---
On 17-Oct-00 Michael Weiser wrote:
Hello,
I'm administering some Linux machines permanently connected to the internet which I'm trying to protect reasonably. Therefore I disable unneeded services, keep software up-to-date, run a packet filtering firewall and use an intrusion detection and protection tool (snort).
But the number of ping-, version- and portscans increases every day, which makes me want to react more actively. Of course it'd be stupid to attack the attacker myself but I'd like to at least notify the administrators of the malicious users/customers of what's going on so that they (can) stop it.
No problem so far but unfortunately a lot of sysadmins don't seem to feel responsible until someone sues them. Therefore I'd like to send out a carefully researched mail filled with some paragraphs to make 'em think. But since I'm a complete idiot at legal issues I don't want to do it myself and prefer some already better done work of someone who knows what she is speaking about. :)
So my (frequently asked, I fear) question is: Can someone help me out with such a text, some facts or a starting point for a search? I'd especially be interested in German and American law since I and the machines in question are situated in Germany and most attacks come from American networks. [...]