Self defense (was RE: )

Brian Densmore DensmoreB at ctbsonline.com
Thu Aug 23 13:49:44 CDT 2001 

>> What would be the legal grounds for a program that retaliates 
>> against an
>> attacking machine once it has determined an attack is going 
>> on ... a self
>> defense mechanism ... the right to protect property ?
>> 
> There are no legal grounds. It's not self defense. There is 
> no absolute
> right to protect property.
> 
IANAL, but, you are wrong on this one. The 5th and 7th amendments of the US
Constitution specifically gives us the right to protect our property, as
well as other amendments and federal, state and local laws. What you can do
to protect your property is another matter. On top of all that, what would
be an acceptable policy to protect your property off-line may not prove to
be acceptable on-line.

If you plan on protecting your property form internet attack, you had better
have at least the following in place before attacking an attacking site.

1. A Firewall with all the latest patches and properly configured,
2. Complete audit tracking (users, addresses, portscans, etc.),
3. a "jail" to monitor break-in attempts (can't think of the full tech term
here - I'm having a really bad week),
4. legal notice on your website about what is and is not allowed,
5. Current software with all patches applied,
6. documented proof of damage,
7. documented proof of contact and cooperation with local authorities,
8. documented proof of contact with attacker's ISP.
(**Note**: this list may be incomplete)

Then and only then would you be justified in a more aggressive approach.
Also you may have to actually attempt to contact the attacker, before
attacking. And if in the process of attacking the attacker you do collateral
damage, then you have just become the person you are trying to protect
yourself against.

Now in my opinion, it would be acceptable to do the following if you were
attacked.
A site infected with a M$ IIS worm, attacks your site. You then being the
good citizen you are retaliate with a "reverse worm" ( yes that is a real
techie term - I just created it), that applies the patch and uninstalls the
worm on that site. Now realize, this may get you in just as much trouble as
the worm writer. Also, this is currently a hotly debated topic in the
internet security world, and you would be on thin legal ice. 

So if you can walk on water, go for it!

Just my $1 worth,
Brian

More information about the Kclug mailing list