On Sun, 23 Sep 2001, Kurt Seifried wrote:
I have a right to do anything I want with a malicious connection made to my machine, EVEN sending it a ton of viri, but LaBrea does not do that, it just keeps on hanging on.
And you want to fix your broken mailer, do not break quoting with senseless line wraps.
While there are laws regarding things like home intruders and the use of deadly force, for example, in some countries, there are no laws AFAIK making it ok to attack people back online. If you know of laws allowing such behaviour in a country I would love to know about it.
Heck, if his systems are in the process of flooding mine, I can hold them. Assuming the LaBrea.README is true, all the thing does is set up tarpits on unused IPs via ARP spoofing on "request". These tarpits supposedly send a SYN|ACK packet in response to a SYN packet, and ignore the rest of the conversation until it times out.
You have perhaps a more effective solution?
Yes. Firewall it. Do not send anything back.
Oh. Very effective if you don't know who's the next to toss out the worm again. Very useful if you have a web server up and running. </IRONY>

Seriously, LaBrea does not send spamloads back or something, it just accepts the connection from the scanner. I cannot see how that would be illegal. No-one says you must not lie to the scanner.

BTW, for Germany, see §§ 32, 34, 35 (Title IV) of the Strafgesetzbuch (Penal Code), a translation of which is available at http://wings.buffalo.edu/law/bclc/germind.htm - German text (claimed up to date) for example at http://dejure.org/gesetze/StGB/32.html

I cannot see how LaBrea would be unlawful in Germany. The "attacker" is free to abort the connection at any time and advance to the next "victim". However, sending things back may be considered sabotage if it breaks the box, and this breakage may outweigh the gain, particularly if one's own systems are not susceptible to the virus that is replied to with "crash code".