[KLUG Members] Legal Liability?

Adam Tauno Williams members@kalamazoolinux.org
23 Jul 2001 06:42:32 -0400


>Early this morning my Zone Alarm Firewall software started alerting me to
>the fact that a particular IP was trying to access my system. Upon further
>investigation I found that the IP in question was trying to access my PC
>using Netbios. So I in turn scanned the ip using a basic NT net view \\[IP]
>command.

Since they were only hitting your Netbios port it could be they simply
foobarred a WINS or lmhosts entry and this was entirely inadvertent.

>Well I found that the person's computer was wide open. A share without a
>password was established on the PC's c:\ drive ... very bad.
>I felt sorry for the owner of the PC so I left a text file in the
>c:\windows\desktop\ folder named [SECURE YOUR SYSTEM.txt] with information
>on how to secure their broadband connection and remove some of the worms I
>noticed on their system.
>I also alerted the ISP of the PC.

That's fair.  But if I choose to use "covert" activity to bring
attention to a problem I think NOT jumping up and down and saying "Hey
that was me!!!" would be a wiser choice.  Either use the bureaucratic
channel or the hacker channel.

>My question is... Can I get busted for this?

Theoretically, yes.  You didn't leave your name & number in the file I
hope?  I'd imagine someone without a password on C$ was either doing the
scan by accident or was a computer that had already been compromised.

It is a tough call.  I have a dynamic IP,  and once when my address
changed I discovered by accident, telnetting to the "old" IP, that I
had administrative access to a Bay Networks router, straight to a login
prompt (press enter), and no password.  Issuing a few commands and it
was obvious that this device had several interfaces and belonged to a
large medical institution located in the area.  So what's a guy to do?
It didn't look like it had much traffic on it at the time so I rebooted
it.  The next day I try the address again,  and there it is.  So I
rebooted it again.  The next day, guess what?  Same thing.... reboot.
Then the next day: "Connection Refused."  I'm certain what I did was
illegal,  but the thought of someone being able to exploit or crunch the
network in question (IMHO) justified the action.

>I didn't appreciate my Firewall blowing up like crazy so I wanted to take 
>action.

Why?  That is what firewalls are for.  Mine picks up a port scan, etc...
now and then.  Unless it is insistent I just don't worry about it and
figure it's just reassuring me it is doing its job.