
RE: [dvd-discuss] Hang the RIAA in their own noose.

On Fri, 19 Oct 2001 Michael.A.Rolenz@aero.org wrote:
> I hate to use the lock analogy but a buffer overflow attack is
> analogous to opening a lock that you know is not yours with a
> lockpick. Furthermore, it shows intent. Somebody is spending a lot of
> time to do something.

Well, not if it's a known exploit and the script kiddies have got the
tools in the kit.

It's not like using a lockpick at that point, it's like using a Master
Key.

> One problem here is what constitutes a "publicly accessible"
> machine.  This is a pretty gray area.

If a machine receives packets of any type on any port that can be accessed
with a globally routable address:port socket description pair, then that
machine is publicly accessible.

> On the other extreme. Putting up a firewall is analogous to putting up
> a do not trespass sign and a fence.

Not quite.  A firewall that drops all non-return packets originating
outside the firewall is like an invisible fence.

I don't know any firewalls that let you know that you're about to pass
through them the way a "no trespassing" sign would.

> At what point do you tell someone "look. just because the fence was
> only 10 foot tall and you had a 12 foot pole for vaulting isn't a
> defense against trespassing."

If you can go through the fence without noticing it, is it really a fence?

A firewall that passes port 80 is not a fence if you're heading toward
port 80.  It's like it's not even there.

Are you going to argue that someone can be accused of trespass for walking
through a hole in an invisible fence?

J.
-- 
   -----------------
     Jeme A Brelin
    jeme@brelin.net
   -----------------
 [cc] counter-copyright
 http://www.openlaw.org
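The firewall Jeme describes (drop every packet from outside unless it is the return half of a connection someone inside started, except for port 80, which is simply open) is an ordinary stateful default-deny policy. The model below is an added illustration and not code from the list or its members; the address ranges and the packet trace are constructed, and "inside" is simply the 10.0.0.0/24 prefix. It shows why the result looks like an invisible fence with a hole in it: an unsolicited probe to port 22 is discarded with no reply of any kind, a reply to a connection opened from inside passes, and a fresh connection to port 80 passes exactly as if no filter existed.

```python
# Added example: a minimal model of the stateful "invisible fence" firewall
# described in the post. Not the list member's code; addresses are constructed.
from dataclasses import dataclass

# Constructed assumptions: the protected side is 10.0.0.0/24, and the only
# service exposed to the outside is a web server on port 80 (as in the post).
INSIDE_PREFIX = "10.0.0."
OPEN_PORTS = frozenset({80})

ACCEPT = "ACCEPT"
DROP = "DROP"  # silent discard: the sender gets no RST, no ICMP, nothing


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a new TCP connection


class StatefulFilter:
    """Default-deny filter that passes return traffic and one opened port."""

    def __init__(self, inside_prefix=INSIDE_PREFIX, open_ports=OPEN_PORTS):
        self.inside_prefix = inside_prefix
        self.open_ports = set(open_ports)
        # Connection table keyed as seen from the inside host:
        # (inside_ip, inside_port, outside_ip, outside_port)
        self.flows = set()

    def is_inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def decide(self, pkt):
        """Return ACCEPT or DROP for one packet and update the flow table."""
        src_in, dst_in = self.is_inside(pkt.src), self.is_inside(pkt.dst)

        if src_in and not dst_in:
            # Outbound: always allowed, and remembered so replies can come back.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return ACCEPT

        if not src_in and dst_in:
            # Inbound return packet for a flow that was initiated from inside.
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
                return ACCEPT
            # Inbound new connection to a port the policy deliberately exposes.
            if pkt.syn and pkt.dport in self.open_ports:
                self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
                return ACCEPT
            # Anything else from outside vanishes without a trace.
            return DROP

        # Traffic that does not cross the boundary is not the firewall's concern.
        return ACCEPT

    def verdicts(self, packets):
        """Apply the policy to a packet sequence in order; return the verdicts."""
        return [self.decide(p) for p in packets]


def demo_trace():
    """Constructed packet sequence: one outbound session, one scan, one web hit."""
    fw = StatefulFilter()
    packets = [
        # inside host opens a TLS connection to an outside server
        Packet("10.0.0.5", 40001, "203.0.113.9", 443, syn=True),
        # the server's SYN/ACK comes back: matches the recorded flow, passes
        Packet("203.0.113.9", 443, "10.0.0.5", 40001),
        # outside scanner probes SSH on the same host: no flow, not exposed
        Packet("198.51.100.7", 55555, "10.0.0.5", 22, syn=True),
        # a "reply" from a server nobody inside talked to: dropped as well
        Packet("203.0.113.9", 443, "10.0.0.5", 40002),
        # outside client connects to the web server: the hole in the fence
        Packet("198.51.100.7", 55556, "10.0.0.5", 80, syn=True),
        # its next packet is now part of a known flow
        Packet("198.51.100.7", 55556, "10.0.0.5", 80),
    ]
    return fw.verdicts(packets)


if __name__ == "__main__":
    for verdict in demo_trace():
        print(verdict)
```

The scanner in the trace never learns whether a host exists behind the filter, which is the "invisible fence" point; the web client on port 80 never learns a filter is there at all. On a real Linux box the same policy is a default-drop input chain plus a rule accepting established/related connection-tracking state and one accepting new connections to tcp/80.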