funsec mailing list archives
Re: So, did the BBC cross the line?
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Sat, 14 Mar 2009 16:54:05 -0400
> What about pollution and disruption of a botnet, be it via direct
> participation, or outside measures like predictive DNS registration?
> Where does mitigation end?

I would suggest that there is a world of difference between using a botnet to send spam, even for experimental purposes, or to change user settings, than what you're discussing here.

The line I draw is actually clicking on buttons in the botnet, playing with it like it's some kind of cat or something. And then doing anything with the botnet to do something on user systems.

I hope this line is clear. If it's not, I'm not sure what else to add.

Alex

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of nick hatch
Sent: Saturday, March 14, 2009 4:22 PM
To: funsec
Subject: Re: [funsec] So, did the BBC cross the line?

On Sat, Mar 14, 2009 at 10:02 AM, Alex Eckelberry <AlexE () sunbelt-software com> wrote:

> But malware researchers routinely deal with botnets for analysis purposes. It would be considered a high crime indeed to allow a spambot to actually send spam to the outside world, even for "testing" purposes. And, shutting down a botnet yourself, even with the best intentions, is simply not a good idea. You don't know what accidental harm you may cause. You also don't really know what's on the user's system that will simply restart the whole process.
>
> I've personally come across dozens of these things, as many of you have. I know my personal feeling is always to get the hell out of there. We need to know what we need to know in terms of mitigation, etc. but you just don't mess with these things. You don't get involved, because it's not only wrong, there are too many unintended consequences that can occur. You're playing with fire.
>
> Report it to the ISP, report it to the relevant authorities, but don't play with live ammo like this.

I'm having a hard time following your argument. Are you saying "leave this to the experts"? This sounds

Is active enumeration of the number of clients in the Storm botnet (a la Holz, Steiner et al) wrong?

What about pollution and disruption of a botnet, be it via direct participation, or outside measures like predictive DNS registration? Where does mitigation end?

I'm honestly curious: you sound very passionate that there is a clear ethical line here somewhere, and I'd hate to miss exactly where you believe it is.

-Nick