From: Wesley Darlington (wesley at domain yelsew.com)
Date: Wed 26 Sep 2001 - 09:20:41 IST
On Tue, Sep 25, 2001 at 07:30:18PM +0100, David Murphy wrote:
> Quoting <3BB0CC2C.9040607 at domain esatclear.ie>
> by Paul Kelly <longword at domain esatclear.ie>:
> > How can it be illegal? They requested the machine deinstallation
> > program from your web server. And you've got the Apache logs to
> > prove it.
> I don't believe "They asked for it" will stand up in court.
Probably right. Much better to format their drives so all
trace of your activity is removed. Dead boxes tell no tales.
Use https if it's there to lessen the likelihood of IDSes (*)
noticing.
Thought - services on ports traditionally have warnings about who
can connect: telnet and ftp for example. What would the implications
of an HTTP X- header to the effect that "unauthorised personse should
disconnect and never reconnect; if you're not sure if you're authorised
then you are not." ...? Where might one put such a banner?
Tongue-ily in cheek,
Wesley.
(*) Although the idea that somebody with nimda or code-red on their
network might have an IDS (or other source of reasonably tamper-
proof logs) beggars belief! :-)
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:12:18 GMT