Date: Mon May 16 14:31:22 2005
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: Benign Worms

> Not true. Intent is *everything* as far a criminal activity is concerned.

Funny .. everytime I try and say "no, officer, I didn't realize the 
speed limit was 25 on this street", I still get nicked.

> Intent aside, if you restrict the worm to your subnet that you own and are
> authorized to alter the systems on, then even releasing a malicious worm
> would be legal. Maybe not very smart, but legal. It's only illegal if you
> affect systems you're not authorized to affect.

The road to hell is paved with good intentions. Consider Nachi/Welchia : 
the coders figured it'd be worthwhile to "ping" the host before trying 
anything else, to save time. A good idea in principle until you get 
thousands of machines infected and all-of-a-sudden, we all block ICMP 
everywhere we can (and stuff like path-MTU breaks).

Besides, I do know my /16. I know it well enough to realize that there 
is tons of stuff on it that isn't "mine". Student PCs, professors 
laptops from home, whatever. Even having worked for a .gov where I was 
releatively certian that everything *was* ours, there was tons of stuff 
that couldn't afford to get crashed by a "helpful" worm. There was no 
shortage of DBAs that would have like to seen my nipple in the ringer 
for such a stunt.

We've all tried this sort of thing in one variation or another -- a 
logon script to update A/V sigs, install some new software, whatever. 
And I can bet nearly every one of us encountered some bizare install of 
something that we didn't anticipate and it completely hosed the target.

Save yourself the legal expenses of writing such a worm and invest in a 
enterprise management system (OpenView, LanDesk, etc).

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

Powered by blists - more mailing lists