--- Bryan Phinney <[EMAIL PROTECTED]> wrote: > On Friday 31 October 2003 08:40 am, Tango Echo > wrote: > > > What about the legal consequences of using a tar > pit? > > I can't possibly see what kind of legal consequences > could follow. Someone is > connecting to your server voluntarily and using your > resources. You are > simply metering how slowly they can use those > resources. Since your server > is your property, you are certainly free to meter or > throttle those resources > as you see fit. I also wouldn't describe it as a > DoS attack, more like a DoS > defense and where you are providing the server, it > is certainly within your > purview to deny that service. > > You actually think that a spammer is going to take > you to court and argue to > the judge, "Your Honor, I was attempting to access a > computer resource > without proper authorization and it didn't respond > as quickly as I would > like. Could you please have the damages I am > requesting delivered care of > the Federal Correctional Facility that I am assigned > to based on my admission > to violating several Federal statutes for > unauthorized computer access?"
Yes, I do actually. Bryan, your problem is you are too rational =). In this upside down world we live in, and an even more more upside down US legal system (plz, no OT flames) anything is possible. I've heard of cases where a theif fell thru a skylight window, injuried himself, sued the intended victim and won. While I suspect that is probably an urban legend I totally believe it is possible... > Worse case scenario is that the spammer tries to > attack your system in some > sort of bizarre revenge scheme, but given that it > would be extraordinarily > difficult for him to actually figure out that the > server in question is an > active tarpit, I don't think that this is very > likely, not to mention the > fact that any active server on the Internet is > already subject to such > attacks, whether they are tarpitting or not. > > There have been several cases of active honeypots > that were used to monitor > hacker behavior published, there are also several > public projects to create > SMTP honeypots, teer-grubes (tarpits), and honeynets > to combat spammers. I > have heard of no legal actions commenced as a result > of these. You are much > more likely to be sued for actively blocking mail > using a DNS Blocklist than > you are for running a SMTP honeypot or tarpit. Ah! Here is the reference: http://www.hackbusters.net While it's possible it may deal directly with his LaBrea tar pit program, it appears to hinge around the tar pit technology. Here's a quote from the site: Quote: This section of the Illinois Criminal Code was added on January 1, 2003 by Public Act 92-728 and defines an "unlawful communication device" as "any communication device which is capable of... facilitating the disruption... of a communication service without the express consent or express authorization of the communication service provider..." It furthermore makes it a criminal offense if a person knowingly "possesses, uses, manufactures, assembles, distributes, leases, transfers, or sells" an "unlawful communication device... for the commission of a theft of a communication service or to receive, disrupt, transmit, decrypt, or acquire... any communication service without the express consent or express authorization of the communication service provider, or to conceal or to assist another to conceal from any communication service provider or from any lawful authority the existence or place of origin or destination of any communication". LaBrea both disrupts communication and conceals the true origin of communication in an attempt to protect a network from attack. If you are currently running LaBrea, I would suggest that you look into the legality of having an operating network tarpit in your state. ...Not to encouraging, eh ? =/ This program sounds nice too... Tango > If I had a static IP, I would be running one myself. > I don't, so I can't. > > -- > Bryan Phinney > Software Test Engineer > __________________________________ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com