[KLUG Members] Legal Liabilty?
Adam Tauno Williams
members@kalamazoolinux.org
23 Jul 2001 06:42:32 -0400
>Early this morning my Zone Alarm Firewall software started alerting me to
>the fact that a particular IP was trying to access my system. Upon further
>investigation I found that the IP in question was trying to access my PC
>using Netbios. So I in turn scanned the ip using a basic NT net view \\[IP]
>command.
Since they were only hitting your Netbios port it could be they simply
foobarred a WINS or lmhosts entry and this was entirely inadvetant.
>Well I found that the person computer was wide open. A share without a
>password was established on the PC's c:\ drive ... very bad.
>I felt sorry for the owner of the PC so I left a text file in the
>c:\windows\desktop\ folder named [SECURE YOUR SYSTEM.txt] with information
>on how to secure their broadband connection and remove some of the worms I
>noticed on their system.
>I also alerted the ISP of the PC.
That's fair. But if I choose to use "covert" activity to bring
attention to a problem I think NOT jumping up and down and saying "Hey
that was me!!!" would be a wiser choice. Either use the beuracratic
channel or the hacker channel.
>My question is... Can I get busted for this ?
Theoretically, yes. You didn't leave your name & number in the file I
hope? I'd imagine someone without a password on C$ was either doing the
scan by accident or was a computer that had already been compromised.
It is a tough call. I have a dynamic IP, and once when my address
changed I discovered by accident that telneting to the "old" IP that I
had administrative access to a Bay Networks router, straight to a login
prompt (press enter), and no password. Issueing a few commands and it
was obvious that this device had several interfaces and belonged to a
large medical institution located in the area. So what's a guy to do?
It didn't look like it had much traffic on it at the time so I rebooted
it. The next day I try the address again, and there it is. So I
rebooted it again. The next day, guess what? Same thing.... reboot.
Then the next day: "Connection Refused." I'm certain what I did was
illegal, but the thought of someone bieng able to exploit or crunch the
network in question (IMHO) justified the action.
>I didn't appreciate my Firewall blowing up like crazy so I wanted to take
>action.
Why? That is what firewalls are for. Mine picks up a port scan, etc...
now and then. Unless it is insistent I just don't worry about it and
figure it's just reassuring me it is doing its job.