funsec mailing list archives

Re: So, did the BBC cross the line?


From: nick hatch <nicholas.hatch () gmail com>
Date: Sat, 14 Mar 2009 13:22:06 -0700

On Sat, Mar 14, 2009 at 10:02 AM, Alex Eckelberry <
AlexE () sunbelt-software com> wrote:

But malware researchers routinely deal with botnets for analysis
purposes.  It would be considered a high crime indeed to allow a spambot
to actually send spam to the outside world, even for "testing" purposes.
And, shutting down a botnet yourself, even with the best intentions, is
simply not a good idea.  You don't know what accidental harm you may
cause.  You also don't really know what's on the user's system that will
simply restart the whole process.


I've personally come across dozens of these things, as many of you have.
I know my personal feeling is always to get the hell out of there.  We
need to know what we need to know in terms of mitigation, etc. but you
just don't mess with these things. You don't get involved, because it's
not only wrong, there are too many unintended consequences that can
occur.  You're playing with fire.  Report it to the ISP, report it to
the relevant authorities, but don't play with live ammo like this.



I'm having a hard time following your argument. Are you saying "leave this
to the experts"? This sounds

Is active enumeration of the number of clients in the Storm botnet (a la
Holz, Steiner et al) wrong?

What about pollution and disruption of a botnet, be it via direct
participation, or outside measures like predictive DNS registration? Where
does mitigation end?

I'm honestly curious: you sound very passionate that there is a clear
ethical line here somewhere, and I'd hate to miss exactly where you believe
it is.

-Nick
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
