[Dshield] What should I do next

Ed Truitt ed.truitt at etee2k.net
Sat May 11 03:06:39 GMT 2002

I am also not a lawyer, so don't take this as legal advice.  My $0.02 is
this:  if you can't get the offending host's owner to fix it, then set your
firewall rules to DROP any inbound packets from that IP.  If the admin of
that netblock is THAT clueless, then put the whole netblock in your firewall
DROP / router DENY list.  And, let the admin (and his/her bosses, if
possible) know what you are doing, and why. (You might also cc us on email.)

With all due respect to "Ram" and others of like mind, I can't EVER
recommend you hack into / alter someone else's machine.  It is sort of like
breaking into someone's house to turn off a light that is pointed into your
bedroom window - it is far better to simply close the curtains.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Ram" <bitbucket at ram.ac>
To: <list at dshield.org>
Sent: Friday, May 10, 2002 10:57 AM
Subject: RE: [Dshield] What should I do next

> The nicest thing to do after repeated failures to stop the assault would
> probably be to configure the zombie to install all the latest patches
> automatically at boot time, and set it to reboot regularly.
> My legal opinion (and I have no legal education at all - so don't listen
> to me!) is that so long as you try to be kind and reasonable it is legal
> to escalate your defensive moves until you are successful in defending
> yourself. I pay good $$ for my internet bandwidth - I am not ok with
> careless sysops wasting my money, even if they don't know better.
