[Dshield] Port 135

KeithTarrant@spamcop.net KeithTarrant at spamcop.net
Mon Oct 21 23:52:59 GMT 2002

----- Original Message -----
From: "Micheal Patterson" <micheal at cancercare.net>
To: <list at dshield.org>
Sent: Sunday, October 20, 2002 11:22 PM
Subject: Re: [Dshield] Port 135

>authorization. The problem stemmed when someone called and opened bogus
>accounts and filled up the drive space. Course, the situation is a bit
>different with the port 135 issue, however, if property (personal or
>business related) because of the messages, it could cause issues for the

The main difference being missed is that the recipient of port 135 "hey
you probably have a virus" warning actually initiates the
transaction/conversation in which the "hey you seem to have a virus"
warning is sent -- the recipients do this by making the initial probe.
That a couple of hours pass before the reply means nothing to a judge.
Judges deal in days, weeks and months, not nanoseconds.

And that the owner of the recipient computer didn't know their computer
made the probe doesn't matter since they have obviously been negligent in not
taking reasonable steps to ensure their computer didn't trespass in this
way (attempting to spread a harmful worm), and since the warning was
politely asking them to take such reasonable steps.

In the case of comparing BBS entry with warnings to port 135 you have
these points that didn't apply to your BBS case:

1. the recipient of the port 135 reply carried out the act of connecting
to the network, as opposed to your BBS where the sender made the

2. the recipient of the port 135 "did you know you have a virus" warning
actually initiates the conversation by first sending a probe to a port of
the sender of the warning (or the computer sending the warning is sending
the warning as a service for the computer that received the probe), as
opposed to your BBS where the sender connected to your BBS unsolicited

3. the sender of the warning is not attempting to read information from or
store information on the recipient computer, but is rather carrying out a
good Samaritan act of letting the recipient's custodian know their system
is infected, whereas the person(s) connecting to your BBS was storing
enough information to bring down your BBS, interfering with its operation
for no benevolent reason.

4. most BBS's had messages that went out when you connected, kind of a "no
trespassing sign".  Some also had passwords.  Did yours?

5. the recipient of the warning could be held liable for damages to any
computers infected if he or she did not take reasonable action to limit
the contagion.  Complaining about warning messages rather than acting on
them would have financial ramifications for the recipient of the warning.

Where there is no specific separate legislation for the cyber world,
judges are trying to apply the law in a similar manner as to the
corresponding physical world offense -- at least this is what I've seen
judges say on TV and seen them quoted as saying in print.

The roof of your house is on fire.  A neighbour sees it.  The neighbour
runs across the street to your yard, no fence, no gate, no trespassing
sign, and rings the bell and starts shouting "Fire, Fire, Get out, Get out

Or you are in the country and your neighbour sees the fire from across the
valley and phones to tell you.

And there are people here who seriously think that such a good
Samaritan neighbour could ever be successfully prosecuted for trespassing
or making a prank phone call, because those things are the perfect
analogies in the minds of the non-technical.  Bring on the lawsuits for
false arrest and malicious prosecution.

And instead of calling the fire department or taking other actions to
extinguish the fire you call the police to have your neighbour charged
with trespass and as a result the fire spreads and several other houses in
the area are damaged.  I see lawsuits there too, from the owners of your
neighbor's buildings against you.

*** On the other hand, sending shutdown commands to computers we know
nothing about is highly dangerous, probably would constitute interfering
with a computer system, and if somebody died as a result (say a shipment
of a lifesaving drug failed to go out), could get us life in jail in the
US (a couple of years in jail in most other countries). ***
