Notifying user of open Internet access

Discussion in 'Computer Security' started by EDOOD, Dec 11, 2004.

  1. EDOOD Guest

    I was using some IP discovery tools, and found an IP address on my provider's
    subnet with multiple open shares. This person is definitely open to
    problems. It took no effort to map a share, and see all their files.
    Ethically, it is wrong, but I feel bad this person is exposed. How would YOU
    handle this situation? If I send an anonymous email, then that person could
    search the ISP log, and trace back. It is like watching someone in a car
    crash bleeding to death, and not helping. Should I inform the user of their
    vulnerabilities? Contact the ISP?

    What would you do?

    Ready for the "FLAME" war...but I am serious...I would want to know, if I
    was that vulnerable.
     
    EDOOD, Dec 11, 2004
    #1

  2. Leythos Guest

    In article <Jarud.41139$>, "EDOOD"
    <info<nospam>@thecomputerdood.com> says...
    > I was using some IP discovery tools, and found an IP address on my provider's
    > subnet with multiple open shares. This person is definitely open to
    > problems. It took no effort to map a share, and see all their files.
    > Ethically, it is wrong, but I feel bad this person is exposed. How would YOU
    > handle this situation? If I send an anonymous email, then that person could
    > search the ISP log, and trace back. It is like watching someone in a car
    > crash bleeding to death, and not helping. Should I inform the user of their
    > vulnerabilities? Contact the ISP?
    >
    > What would you do?


    I would report you to the local ISP for scanning my computer and hope
    they yank your service.

    What you did is a direct violation of most ISPs' terms of service and
    AUP.

    As noble as you think your actions are/were, you are no different than
    the countless number of hackers in your actions. Since you have no
    permission to scan the ISP's network, no permission to access the user's
    shares, you are in violation of many ethics rules and possibly could
    lose your service.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Dec 11, 2004
    #2

  3. donnie Guest

    On Sat, 11 Dec 2004 01:05:33 GMT, Leythos <> wrote:

    >I would report you to the local ISP for scanning my computer and hope
    >they yank your service.

    ##########################
    That wasn't his question. He asked if he should inform them about the
    hole. I don't think he should. They might try to blame him for the
    problem which is the usual response. Don't try to be a hero. Pretend
    you never even saw it.
    donnie.
     
    donnie, Dec 11, 2004
    #3
  4. bowgus Guest

    An analogy I've heard ... it's perfectly legal to walk around in an
    apartment building, just not legal to walk into someone's apartment, even if
    the door is open. I once did basically the same as you ... I was amazed at
    the information available ... I stopped. My recommendation ... do nothing ...
    it's their property, their responsibility. And stay off other people's PCs.

    "EDOOD @thecomputerdood.com>" <info<nospam> wrote in message
    news:Jarud.41139$...
    > I was using some IP discovery tools, and found an IP address on my provider's
    > subnet with multiple open shares. This person is definitely open to
    > problems. It took no effort to map a share, and see all their files.
    > Ethically, it is wrong, but I feel bad this person is exposed. How would YOU
    > handle this situation? If I send an anonymous email, then that person could
    > search the ISP log, and trace back. It is like watching someone in a car
    > crash bleeding to death, and not helping. Should I inform the user of their
    > vulnerabilities? Contact the ISP?
    >
    > What would you do?
    >
    > Ready for the "FLAME" war...but I am serious...I would want to know, if I
    > was that vulnerable.
     
    bowgus, Dec 11, 2004
    #4
  5. winged Guest

    EDOOD <info wrote:
    > I was using some IP discovery tools, and found an IP address on my provider's
    > subnet with multiple open shares. This person is definitely open to
    > problems. It took no effort to map a share, and see all their files.
    > Ethically, it is wrong, but I feel bad this person is exposed. How would YOU
    > handle this situation? If I send an anonymous email, then that person could
    > search the ISP log, and trace back. It is like watching someone in a car
    > crash bleeding to death, and not helping. Should I inform the user of their
    > vulnerabilities? Contact the ISP?
    >
    > What would you do?
    >
    > Ready for the "FLAME" war...but I am serious...I would want to know, if I
    > was that vulnerable.
    >
    >
    >

    In answer to what you did, the answer is: would you "tell" someone you
    downloaded an FTP file? HTTP?

    Some have criticized your activity. If the share was open and you
    retrieved files, I am not even sure of the illegality (not talking ethics) of
    the question. If the computer had services exposed, without even
    minimal security in place, I am not sure of a legal issue. The Patriot
    Act defines the law as being broken when the threshold of damage exceeds
    $500. If I remember right the Telecommunications Act threshold is
    $2500. If the user was on a current WinX system they had to bypass many
    warnings not to expose the share.

    If the browser of data did not use the information for personal or
    detrimental gain, didn't transfer pornography, didn't upload data files,
    didn't damage the remote system, didn't download copyrighted materials,
    I suspect it would be difficult to be prosecuted. If this were a
    commercial server doing interstate commerce there are other laws that
    might come into play. If the user was on a Win9x system, well, they are
    pretty much exposed with no firewall.

    Scanning of systems is not a violation of law nor of many ISP rules,
    unless it causes a denial of service condition; shaking a door handle is
    not a violation, though entering a door might be an issue if the user
    could prove the damage threshold.

    There are several reasons this might occur:

    1. User is an idiot. Possible, and no amount of informing will
    persuade/fix this user because the light bulb probably isn't on. It may
    be some sort of malware has exposed his system, and the user wouldn't
    understand the issue. Any file you retrieved could not be trusted, and
    you prolly have better stuff on your own computer.

    2. The hole is a honey pot. Good reason not to play.

    3. The individual is purposely and deliberately sharing the shares
    openly for a number of legitimate reasons. Sharing LDAP to host a
    NetMeeting session (example).

    4. Several p2p tools will do the behavior described if the user does
    not constrain them properly; in fact they share the entire computer to
    the world. This is probably the highest probability. The user is
    probably a Kazaa user who installed the program with defaults sharing
    c:\. I have seen this with several popular music file sharing programs.
    This user probably already has more issues than he can handle and
    probably belongs to paragraph 1.

    Many applications will tell you the OS, computer name, every account on
    the computer and whether or not a password is required to access the
    account on the system, what shares are available, and other information
    about the system (I didn't say properly configured systems). Exposed
    NetBIOS is always informative. This is a common functionality of many
    legitimate tools (Microsoft Visio for example). This is done by just
    checking the door handle and never entering the system. This, in
    itself, is not illegal.

    As I write this I keep coming up with more reasons so I'll just stop and let
    y'all come up with more reasons of your own.

    But as far as the law is written I doubt you would have many legal
    issues unless it happened to be a commercial or government host (while
    they may not prosecute you, they might make life fun for a while; there
    are ways to hurt you even if they can't put you in jail (priced lawyers
    lately?)). I don't know of any laws that prohibit footprinting ... yet.

    Ethics on the other hand....

    Winged
     
    winged, Dec 11, 2004
    #5
  6. Bit Twister Guest

    Bit Twister, Dec 11, 2004
    #6
  7. Leythos Guest

    In article <cpg0uc$>,
    says...
    > Scanning of systems is not a violation of law nor of many ISP rules,
    > unless it causes a denial of service condition, shaking a door handle is
    > not a violation, though entering a door might be an issue if the user
    > could prove the damage threshold.


    Actually, scanning ISP networks is a violation of MOST ISPs' acceptable
    use policies. The violator can have their service terminated for it.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Dec 12, 2004
    #7
  8. winged Guest

    Bit Twister wrote:
    > On 11 Dec 2004 18:47:24 EST, winged wrote:
    >
    >>If the computer had services exposed, without even
    >>minimal security in place, I am not sure of a legal issue.

    >
    >
    > Even a ping _could_ be used to give you a hard time.
    >
    > Just a few state selections.
    >
    > http://www.capitol.state.tx.us/statutes/pe.toc.htm
    > Read 33.01. Definitions (1) "Access"
    > then 33.02. Breach of Computer Security (a)
    >
    >
    > http://www.umpqua.cc.or.us/policy/oregon-law.htm
    > Read 1 (a) then (4)




    "Effective consent" is a key issue of both the Texas and the Oregon laws
    cited. If one has exposed (open access) services, be it ftp, http, etc.,
    one has granted "effective consent" for anyone to access a system. Every
    bot on the net has legal right to crawl your system. If one requires a
    logon and password to access a service, "effective consent" is not
    present. If one has ping services turned on one has granted "effective
    consent" under the Oregon and Texas provisions cited. Unless you lock
    the door, you provide "effective consent" under both of the laws cited.
    If you have ping services turned on and exposed you have provided
    "effective consent" for others to use those services.

    This is why if you have an exposed computer in a public area one would
    not be in violation of the law (Texas example) to walk by a computer. If
    that computer were secured where access would be restricted, walking by
    that same computer "could" make you in violation of the law because
    "effective consent" was not granted. If a company representative
    granted you access to the same area under non-fraudulent conditions
    (access to the restricted area), you could not be prosecuted for the
    same act of walking by the same computer in the same area because they
    provided "effective consent" for you to walk by the computer.

    Tricky little clause.

    Winged
     
    winged, Dec 12, 2004
    #8
  9. donnie Guest

    On 11 Dec 2004 21:02:24 EST, winged <> wrote:

    >"Effective consent" is a key issue of both the Texas and the Oregon laws
    >cited. If one has exposed (open access) services be it ftp, http, etc.
    >one has granted "effective consent" for anyone to access a system

    ##########################
    I agree w/ that 100%.
    donnie
     
    donnie, Dec 12, 2004
    #9
  10. winged Guest

    Leythos wrote:
    > In article <cpg0uc$>,
    > says...
    >
    >>Scanning of systems is not a violation of law nor of many ISP rules,
    >>unless it causes a denial of service condition, shaking a door handle is
    >>not a violation, though entering a door might be an issue if the user
    >>could prove the damage threshold.

    >
    >
    > Actually, scanning ISP networks is a violation of MOST ISPs' acceptable
    > use policies. The violator can have their service terminated for it.
    >

    You're right!

    Most ISPs don't pursue that clause unless it creates a problem (DOS) or
    sufficient complaint. A properly performed scan will probably never be
    noticed. In reality, they can deny service for almost no reason if they
    choose, IAW the agreement. Of course if service is denied, payment for
    non-service is usually waived. Most ISPs work on credit and therefore
    seldom invoke this clause. If a user is sufficiently worried about
    their activities and their ISP's reaction they should probably learn how
    to do things differently, so as not to raise the ire of the ISP
    administrators. Afraid I don't worry much about scanners from a security
    perspective (as long as they are not on "MY" network assets). Ethically
    one should only scan "one's own owned" assets.

    Winged
     
    winged, Dec 12, 2004
    #10
  11. Bit Twister Guest

    On 11 Dec 2004 21:02:24 EST, winged wrote:
    >> http://www.capitol.state.tx.us/statutes/pe.toc.htm
    >> Read 33.01. Definitions (1) "Access"
    >> then 33.02. Breach of Computer Security (a)
    >>
    >>
    >> http://www.umpqua.cc.or.us/policy/oregon-law.htm
    >> Read 1 (a) then (4)

    >
    >
    >
    > "Effective consent" is a key issue of both the Texas


    Texas escapes the consent with _or defect_ in (c)

    > and the Oregon laws cited.


    Oregon did not even bother with consent.

    They did that on purpose. Oregon was tired of the lawyers indicating
    the same kind of logic you proposed.

    Your "exposed computer in a public area" is not consent just like my
    public exposure of my house's front door is not consent for you to
    "communicate with the door knob" by twisting it.
     
    Bit Twister, Dec 12, 2004
    #11
  12. winged Guest

    Bit Twister wrote:
    > On 11 Dec 2004 21:02:24 EST, winged wrote:
    >
    >>>http://www.capitol.state.tx.us/statutes/pe.toc.htm
    >>>Read 33.01. Definitions (1) "Access"
    >>>then 33.02. Breach of Computer Security (a)
    >>>
    >>>
    >>>http://www.umpqua.cc.or.us/policy/oregon-law.htm
    >>>Read 1 (a) then (4)

    >>
    >>
    >>
    >>"Effective consent" is a key issue of both the Texas

    >
    >
    > Texas escapes the consent with _or defect_ in (c)
    >
    >
    >>and the Oregon laws cited.

    >
    >
    > Oregon did not even bother with consent.
    >
    > They did that on purpose. Oregon was tired of the lawyers indicating
    > the same kind of logic you proposed.
    >
    > Your "exposed computer in a public area" is not consent just like my
    > public exposure of my house's front door is not consent for you to
    > "communicate with the door knob" by twisting it.
    >

    "Effective Consent" does allow me to knock on the door. If you leave
    the door open effective consent is implied. Effective consent may also
    apply to a login on the system if it does not have a password; for
    example some services may require a login (door closed) depending on the
    generally accepted use of the service. A service with a login password
    does not have effective consent to use that specific service (door
    locked) unless effective consent was given to me by the system owner by
    providing a login password. To make matters worse there are "some"
    cases where a login password also provides "effective consent"
    (anonymous FTP servers that require a mail addy for password come to mind).

    Effective consent does apply to the Oregon law. Effective consent is a
    principle in law. It does not "have" to be specifically stated.

    If a service is exposed and the service has no warnings on the specific
    service, "effective consent" is implied under either state's statutes.
    If you exploit a service (for example using a buffer overrun) to gain
    access that was not otherwise exposed, you are in violation of the
    "effective consent" principle.

    Under your argument any HTTP server I accessed in Texas or Oregon could
    be considered illegal because I did not have specific permission to access
    the site.

    "Effective consent" does not allow me to do any damage to the system in
    question, but if a service is open and exposed, one has implied consent
    to access the system.

    Exposed ICMP does provide effective consent under the law. If I pound
    the ICMP port enough to impede or significantly impact the device's
    normal operation I have lost effective consent because that cannot be
    considered reasonable use.

    It is key, if one works in the computer security field, to understand
    this concept. You must lock the computer doors with reasonable
    precautions to prevent "effective consent".

    Winged
     
    winged, Dec 12, 2004
    #12
  13. Bit Twister Guest

    On 12 Dec 2004 00:41:36 EST, winged wrote:
    > If you leave the door open


    Was not open, just not locked.

    > Effective consent does apply to the Oregon law.


    The law did not say so. That is my main point. The law was made that loose
    because of the same kinds of arguments you have provided.

    Some of the arguments by crackers' lawyers were:
    How was my client to know the sys op was not giving consent because
    the sys op failed to secure his machine correctly?

    As for what the computer industry thinks and what the lawyer provided is
    just word twisting. What comes to mind was the @home ads showing
    unlimited internet access and the customers complaining of
    throttled cable modems and download quotas. Seems the unlimited
    access meant you did not have to login to access the internet.
     
    Bit Twister, Dec 12, 2004
    #13
  14. EDOOD Guest

    Holy S..T!!!!!
    I may never use my computer again!!!! Just kidding.
    I guess my only thought is, I have had a hacked Web Site (Chinese hackers,
    by tracing back logs and IP numbers), and had a virus attack, where the ISP
    said that I was sending out Viruses. If I received a note/letter/email
    stating that my firewall was WIDE OPEN, I would first close it, and second,
    thank whomever told me.

    It is hard for me to believe that someone shouldn't do anything....I think
    we are all "CLOSET HACKERS". I would bet everyone on this list has used an
    IP discovery tool. So, I will let the FOOL go down into the abyss of hacker
    hell!!!

    Thanks for the replies!!!
     
    EDOOD, Dec 13, 2004
    #14
  15. Leythos Guest

    In article <Ibmvd.42401$>, "EDOOD"
    <info<nospam>@thecomputerdood.com> says...
    > Holy S..T!!!!!
    > I may never use my computer again!!!! Just kidding.
    > I guess my only thought is, I have had a hacked Web Site (Chinese hackers,
    > by tracing back logs and IP numbers), and had a virus attack, where the ISP
    > said that I was sending out Viruses. If I received a note/letter/email
    > stating that my firewall was WIDE OPEN, I would first close it, and second,
    > thank whomever told me.
    >
    > It is hard for me to believe that someone shouldn't do anything....I think
    > we are all "CLOSET HACKERS". I would bet everyone on this list has used an
    > IP discovery tool. So, I will let the FOOL go down into the abyss of hacker
    > hell!!!


    At one time or another, before being informed of it being against the
    TOS for my ISP at the time (not the current one), I used to look/help
    people that were exposed. When I used to get probed from SQL servers I
    would open a session with them and send a NET SEND to their entire LAN
    from the SQL Server telling everyone that the SQL server was fully
    exposed (without a password) to the internet. In all that time, I never
    saw one SQL server fixed or one computer fixed.

    People that are exposed just don't get it, they don't really care, and
    if they did care they would already have learned something about it.

    What would be great is if the ISPs blocked ports 135~139 and 445
    internally as well as externally; then we would have a lot less problems
    with Windows based systems.


    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Dec 13, 2004
    #15
  16. EDOOD Guest

    On this idea of "effective consent", the person has no password control,
    allowing anyone to "MAP" effective drives to it. You use the usual FTP and
    HTTP rule. Are these exclusive to the rule? Mapping a drive, using a NET
    USE or NET VIEW command, and then viewing the contents, without a password,
    would be considered "effective consent". I don't see the difference. The
    WEB is made up of Clients (Browsers) and Servers (Web Hosts). So, basically
    I can use my "BROWSER", i.e. the Windows "Net View" command (Port 139 Scan), to
    look for hosts.
    This idea of Public or Private is confusing. If I set up an FTP Server for
    myself, with "anonymous" as a user, have I given consent? Why is HTTP or
    FTP (protocols) any different from NET VIEW (Port 139) protocol scans?

    I guess the idea is, if we see a car on fire, with people in it...Don't
    help, because they might blame you for starting the fire!!!
     
    EDOOD, Dec 13, 2004
    #16
  17. Leythos Guest

    In article <%wmvd.42404$>, "EDOOD"
    <info<nospam>@thecomputerdood.com> says...
    > I guess the idea is, if we see a car on fire, with people in it...Don't
    > help, because they might blame you for starting the fire!!!


    No, there are laws to protect you from civil suits in cases of
    emergency assistance, unless you are a medical type, then you are not
    protected.

    In the case of probes, looking for exposed systems, the users are
    unaware that their systems are exposed, so no consent was intended or
    provided.


    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Dec 13, 2004
    #17
  18. donnie Guest

    On Mon, 13 Dec 2004 19:59:55 GMT, "EDOOD"
    <info<nospam>@thecomputerdood.com> wrote:

    >I guess the idea is, if we see a car on fire, with people in it...Don't
    >help, because they might blame you for starting the fire!!!
    >

    ############################
    Unfortunately, when it comes to computer and telephone systems, that
    is the case. They will blame you for the security holes or at least
    exploiting them. Only once did I tell someone that their computer
    had file sharing enabled. The reason I notified them (and I say them
    because it was a family network) was because they had WinGate running
    and someone was using their PC to post bad things to usenet. I looked
    up their # and called using a pre-paid calling card. The guy was very
    appreciative but that's not always the case.
    As an update to computers w/ file sharing enabled, it's almost down to
    none. There was a time when one could find 40 opened PCs on a class C
    subnet but now if there are 4 opened PCs on a class C subnet, it's a
    lot. People have become a little more savvy, either blocking it
    manually or running firewalls.
    donnie.
     
    donnie, Dec 14, 2004
    #18
  19. winged Guest

    Leythos wrote:
    > In article <Ibmvd.42401$>, "EDOOD"
    > <info<nospam>@thecomputerdood.com> says...
    >
    >>Holy S..T!!!!!
    >>I may never use my computer again!!!! Just kidding.
    >>I guess my only thought is, I have had a hacked Web Site (Chinese hackers,
    >>by tracing back logs and IP numbers), and had a virus attack, where the ISP
    >>said that I was sending out Viruses. If I received a note/letter/email
    >>stating that my firewall was WIDE OPEN, I would first close it, and second,
    >>thank whomever told me.
    >>
    >>It is hard for me to believe that someone shouldn't do anything....I think
    >>we are all "CLOSET HACKERS". I would bet everyone on this list has used an
    >>IP discovery tool. So, I will let the FOOL go down into the abyss of hacker
    >>hell!!!

    >
    >
    > At one time or another, before being informed of it being against the
    > TOS for my ISP at the time (not the current one), I used to look/help
    > people that were exposed. When I used to get probed from SQL servers I
    > would open a session with them and send a NET SEND to their entire LAN
    > from the SQL Server telling everyone that the SQL server was fully
    > exposed (without a password) to the internet. In all that time, I never
    > saw one SQL server fixed or one computer fixed.
    >
    > People that are exposed just don't get it, they don't really care, and
    > if they did care they would already have learned something about it.
    >
    > What would be great is if the ISPs blocked ports 135~139 and 445
    > internally as well as externally; then we would have a lot less problems
    > with Windows based systems.
    >
    >

    AMEN

    Winged
     
    winged, Dec 14, 2004
    #19
  20. donnie Guest

    On 13 Dec 2004 21:26:21 EST, winged <> wrote:

    >> What would be great is if the ISPs blocked ports 135~139 and 445
    >> internally as well as externally; then we would have a lot less problems
    >> with Windows based systems.
    >>
    >>

    >AMEN
    >
    >Winged

    ######################
    ISPs can't block those ports. There are people who want to share files
    and they have the right to do that. Passwords are free, let them pick
    one. That could be part of the TOS.
    donnie.
     
    donnie, Dec 14, 2004
    #20