nanog mailing list archives

Re: My First Denial of Service Attack..... (fwd)


From: Curtis Villamizar <curtis () ans net>
Date: Tue, 08 Oct 1996 12:32:41 -0400


In message <Pine.BSI.3.91.961007142537.18460A-100000 () fig leba net>, Tersian writes:

Here's a non-relevant anecdote you reminded me of:


Your anecdote reminded me of a story someone told me recently about AT&T.

I am not going to type it all out here, but I will summarize.

Company A hires Company B to do some trenching along the highway to 
install new fiber for Company A. Company B's backhoe operator 
accidentally cuts a major AT&T backbone causing serious outages. AT&T not 
only sues the backhoe driver, but Company B and Company A, forcing them 
both to declare chapter 11.

My point is here, if we start taking hackers to court, what happens in 
this scenario:


Hacker is from badguy.com telnets to compromised.jumpoff.com then SYN 
floods att.com?

[Disclaimer: the hosts above were for demonstrative purposes only, the 
hosts are fictional, bearing no direct correlation to any living or dead]

Who gets sued? Both providers, neither, or just the hacker?

It brings up some interesting questions. 


Ben


It sort of depends on whether the providers contracted the hacker to
do the work on adjacent property (their computers) and strayed onto
AT&T property (AT&T's computers) and did damage as in the backhoe
case.  If so, you'd have a similar case.  An analogous case would be
something like provider.A hires consulting-firm.B and their programmer
attacks AT&T's network.  Companies need to have written "thou shalt
not hack" policies and take reasonable precautions to insure that
their employees or contractors are not hacking.

Back to your example.  IMO: The providers would be at a liability risk
if they did not provide reasonable measures to insure that they did
not contribute to the damages done to another party.  This is like
other liabilities where if someone is injured you are at risk unless
you did everything reasonable to prevent putting other people in harm's
way.  Given this interpretation, compromised.jumpoff.com would be at
risk if they could be shown negligent in the administration of their
site.  If they left the door wide open to hackers, IMO they'd be at
risk.  If they were warned due to prior incidents and continued to
leave the door wide open, they'd be very seriously at risk.

#include <not-a-lawyer.std-disclaimer>

Curtis