[Dshield] Port 135

John Hardin johnh at aproposretail.com
Thu Oct 17 17:07:21 GMT 2002


On Thu, 2002-10-17 at 06:05, Lauro, John wrote:
> > >>>> 
> > having knowingly accessed a computer without authorization or
> exceeding authorized access 
> > <<<< 
> > 
> > Clearly this is knowing, without authorization and even though 135,
> and for the sake of argument
> > 80 may be exposed, the access exceeds what the system's owner
> authorizes. 
> 
> It is simply a message.  The computer was not accessed in an
> unauthorized manner. Otherwise, it would be illegal to send e-mail to
> someone without prior authorization... 

Hmm. Maybe we're splitting hairs here, but:

Putting up a web server or mail server and knowingly allowing the
traffic through your firewall is implicit authorization for the public
to access that server.

Having an unusual service running by default, that you may not even be
aware of, and by accident or oversight - but *not* knowingly - allowing
traffic through your firewall to that service, is not something I would
call authorization for public access.

Ignorance perhaps, clumsiness perhaps, but not authorization. Thus the
access is unauthorized.

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 ...people confuse "security" and "Trustworthy Computing."
                                 - Craig Mundie, MS Senior VP and CTO
-----------------------------------------------------------------------
 62 days until The Two Towers




More information about the list mailing list