[Dshield] Port 135

Coxe, John B. JOHN.B.COXE at saic.com
Wed Oct 16 19:37:05 GMT 2002


That is a nice fundamental question.  I think we are still in the wild, wild
west on that.  The Robot Exclusion Standard is 8 critical years old now and
serves only as a gentleman's advisory and AFAIK has no real legal standing.
OTOH, exploiting a trojan can get you thrown in the clinker.  There really
is no registry of available hosted public services, none planned of which I
am aware, and the law is far behind in defining appropriate legal use of
available services, short of DoS breed of disruptions.

Has anyone boldly set up desktop trojans to use port 80 (or even 25)?  If
widespread through a worm infestation, that could present a real mess.  Most
trojans live on regular desktops not running network services like smtp or
http.  Differentiating them could be messy, particularly if they respond in
a fashion that mimics the http protocol with a signature identical to a
common server (IIS or apache).

-----Original Message-----
From: Johannes Ullrich [mailto:jullrich at euclidian.com]
Sent: Wednesday, October 16, 2002 10:19 AM
To: list at dshield.org
Subject: Re: [Dshield] Port 135



> This has got to be illegal. How can someone who is accessing your
> internal network through your firewall, without getting prior permission,
> be operating within the law? I'm no lawyer, but someone who gets hit
> should take the spammer and/or the software vendor to court.

Well, do they need special permission to connect to a web server?
Offering a service kind of implies permission to connect to it unless
there is a banner / password prompt that says otherwise. 

At least that would be my defense in court if I would run a spam service
like this.

--
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org




More information about the list mailing list