Full Disclosure mailing list archives

Re: Benign Worms
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Mon, 16 May 2005 09:27:54 -0400

> Not true. Intent is *everything* as far as criminal activity is concerned.

Funny .. every time I try and say "no, officer, I didn't realize the speed limit was 25 on this street", I still get nicked.

> Intent aside, if you restrict the worm to your subnet that you own and are
> authorized to alter the systems on, then even releasing a malicious worm
> would be legal. Maybe not very smart, but legal. It's only illegal if you
> affect systems you're not authorized to affect.

The road to hell is paved with good intentions. Consider Nachi/Welchia: the coders figured it'd be worthwhile to "ping" the host before trying anything else, to save time. A good idea in principle until you get thousands of machines infected and all of a sudden, we all block ICMP everywhere we can (and stuff like path-MTU breaks).

Besides, I do know my /16. I know it well enough to realize that there is tons of stuff on it that isn't "mine". Student PCs, professors' laptops from home, whatever. Even having worked for a .gov where I was relatively certain that everything *was* ours, there was tons of stuff that couldn't afford to get crashed by a "helpful" worm. There was no shortage of DBAs that would have liked to see my nipple in the wringer for such a stunt.

We've all tried this sort of thing in one variation or another -- a logon script to update A/V sigs, install some new software, whatever. And I can bet nearly every one of us encountered some bizarre install of something that we didn't anticipate and it completely hosed the target.

Save yourself the legal expenses of writing such a worm and invest in an enterprise management system (OpenView, LanDesk, etc).

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/