evoen

Hacking Ethics

27 posts in this topic

I'm not elite. Haven't really pwned any box. Certainly not a hacker in its truest sense. I have an ethics question:

If someone is ripping away at your webserver looking for cgi vulnerabilities yet doesn't have the decency to use a proxy - are you ethically obligated to strike back? Or maybe even post their address in a thread? Wouldn't this person learn something?


you'd be ethically obligated to contact his isp and let them deal with it :)


this sounds strangely as if you are asking permission for something, or asking for help.

if you had to ask this question then i am pretty sure that you know the answer to it.

the real question is how ethical do you want to be?

> you'd be ethically obligated to contact his isp and let them deal with it :)

I agree.

Grep through your apache access logs and send a copy over to the abuse center of his ISP. Once they have confirmed his abuse they will take care of it by either giving him a stern warning, terminating his internet access account, or sending a police officer over to his house to talk with him or pick him up.

Don't go down to that level by sinking as low as the attacker.

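The log extraction suggested in the post above, as an added example that is not part of the original thread: it pulls every request from one client out of an Apache access log and summarises it with timezone-aware timestamps, which an abuse desk needs to match the address to a subscriber. It assumes the Apache common/combined log format; the function name `build_abuse_evidence` is hypothetical and the sample lines are constructed, using documentation-range addresses.

```python
import re
from collections import Counter
from datetime import datetime
# Apache common/combined log format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def build_abuse_evidence(log_lines, source_ip):
    """Hypothetical helper: collect and summarise all requests from source_ip."""
    hits, statuses, paths = [], Counter(), Counter()
    for raw in log_lines:
        m = LINE_RE.match(raw)
        # Compare the parsed host field exactly; a plain substring grep for
        # "203.0.113.5" would also match 203.0.113.50 or a Referer string.
        if not m or m.group("host") != source_ip:
            continue
        when = datetime.strptime(m.group("ts"), TS_FORMAT)
        parts = m.group("request").split()
        path = parts[1].split("?", 1)[0] if len(parts) >= 2 else "(malformed)"
        hits.append((when, raw.rstrip("\n")))
        statuses[m.group("status")] += 1
        paths[path] += 1
    if not hits:
        return None
    hits.sort(key=lambda h: h[0])
    return {
        "source_ip": source_ip,
        "first_seen": hits[0][0].isoformat(),   # keeps the UTC offset
        "last_seen": hits[-1][0].isoformat(),
        "requests": len(hits),
        "by_status": dict(statuses),
        "top_paths": paths.most_common(5),
        "raw_lines": [line for _, line in hits],  # unmodified lines to attach
    }

# Constructed sample log lines (documentation-range addresses, invented paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2006:04:10:01 -0500] "GET /cgi-bin/test.cgi HTTP/1.0" 404 209 "-" "-"',
    '203.0.113.50 - - [12/Mar/2006:04:10:02 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [12/Mar/2006:04:10:03 -0500] "GET /cgi-bin/search.cgi?q=1 HTTP/1.0" 404 212 "-" "-"',
    '198.51.100.7 - - [12/Mar/2006:04:10:04 -0500] "GET / HTTP/1.1" 200 512 "http://203.0.113.5/" "Mozilla/4.0"',
    '203.0.113.5 - - [12/Mar/2006:04:10:09 -0500] "GET /cgi-bin/test.cgi HTTP/1.0" 404 209 "-" "-"',
]

if __name__ == "__main__":
    print(build_abuse_evidence(SAMPLE_LOG, "203.0.113.5"))
```
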

first I say verify who it is and what OS they are using then proceed to hack his boxen

or if its not possible to hack or not worth your time talk to his isp that will teach him to F**k with your shit.

oh yes, feel free to post his ip, I'm sure someone out there on the global interweb is willing to teach the punk a lesson in hacking ;)

ph34r my F**king skillz :ninja:

Edited by specter

I wouldn't screw with him unless his ISP won't do anything. Then I feel it's open season. The ISP wouldn't stop him, you had to.


lets just say I've always thought an eye for an eye was never enough ;)

ph34r my thought skillz :ninja:


Call the ISP, obtain his name and address through social engineering, and apply your LART of choice. ;)

> lets just say I've always thought an eye for an eye was never enough ;)
>
> ph34r my thought skillz :ninja:

In the end an eye for an eye just leaves the whole world blind.

I suggest you find a mature way to deal with this guy. If you don't then you're no better than he is.


yeah but forgiveness tends to lead to a world where people think that they can walk over you and try to control what you say or do

ph34r my rebuttal skillz :ninja:


i'd have to take a slightly skewed point of view on this subject, i agree with both sides on hax0rin his sh*t and contacting the ISP

see if he is worth the time, proxy yourself and hack his sh*t AND contact the ISP :)

double whammy :) i like the idea :devil:


"Ethically obliged to strike back"

Let me say this simply: no.

Just like when someone breaks your window, you aren't "ethically obliged" to break theirs. What you can do is report them, however, to their ISP. Even if their ISP does nothing, it's still the justice-system binding way of doing it.

Just because you can punch someone back after they punch you doesn't mean you should. And I wouldn't read into those attacks too much either... hell my server gets bombarded (as do yours probably) by tons of lame scriptkiddie IIS attacks, but I could care less. If they get in it's more my fault than theirs.

Edited by Seal

Get his inf0z, and talk to his mommie. If he happens to not live at home... then, there are some fantastic articles on many sites on how to make someone's life suck.

Or you could call him up, befriend him, and work your way intricately into his life, then.. when the time is right, stab him!

Or.. a solution I assume everyone will agree to. Make a script on your website that calls him a "n00b" whenever he goes to the site. Make your webpages replace themselves with a page calling him a noob or something funny, or forward him to goat.cx, you could have fun with things like that, and neither is really, unethical, unless you think his mom seeing that he is looking at some weird web pages and getting in trouble is bad...

Be creative.

> ...
>
> Or you could call him up, befriend him, and work your way intricately into his life, then.. when the time is right, stab him!
>
> ...
>
> Be creative.

I LOVE IT! :)


You should definitely strike back man. I mean you should punish a person if they are too ignorant to not use a proxy.

> I'm not elite. Haven't really pwned any box. Certainly not a hacker in its truest sense. I have an ethics question:
>
> If someone is ripping away at your webserver looking for cgi vulnerabilities yet doesn't have the decency to use a proxy - are you ethically obligated to strike back? Or maybe even post their address in a thread? Wouldn't this person learn something?

First of all "...hacker in its truest sense.", in my opinion, does not translate to how many boxes you've added to your collection.

Second, I'm amazed at how many people here have suggested that he should strike back. Are you nuts? What would be gained by "teaching him a lesson" in this way? In order for the "lesson" to be properly learned he would have to know who was doing the instructing. If that's the case, say this guy whom you've just "educated" goes to his local 2600 or defcon meeting and pleads his case to someone who actually knows what they're doing and gets their help. Would you like someone who can do some real damage walking all through your shit? This kind of retaliation makes no sense and can ultimately get you hosed, especially if *you* happen to get caught! Remember that proxies aren't always anonymous.

How do you know that he didn't use a proxy? You have his docs? Suppose this guy just cracked someone's WEP and was launching an attack from the parking lot of an innocent bystander's apartment? You'd be in some pretty shit if you retaliated against some 80 year old guy who just hadn't secured his wireless connection.

Report the guy to his ISP and secure your shit. Unless this guy has specifically targeted you personally for an attack it isn't worth it to strike back. And if he did, it's a matter for law enforcement to handle. This isn't like the old days when "hacker wars" were going on with no one noticing. You mentioned that you haven't owned a box. What did you plan on doing? Odds are that you'd be the one reported for hacking *his* box.

This isn't an ethics question, it's a matter of common sense. Don't even think about it.

PF


If you get your jollies by screwing with dumb kiddies in the interweb you need help, that said, you could always have harmless fun, like route all his packets to the fbi or something


Thanks for the input. The 'reporting to the ISP' and 'striking back' tallies were pretty close. The judges had their discussion and we're going with stabbing him.

> Thanks for the input. The 'reporting to the ISP' and 'striking back' tallies were pretty close. The judges had their discussion and we're going with stabbing him.

:barney: now why didn't I think of that

ph34r my thinking skillz :ninja:

> How do you know that he didn't use a proxy? You have his docs? Suppose this guy just cracked someone's WEP and was launching an attack from the parking lot of an innocent bystander's apartment? You'd be in some pretty shit if you retaliated against some 80 year old guy who just hadn't secured his wireless connection.

this is absolutely true, who says it IS his OWN ip?

on the other hand, even if it is his own ip, why blame him for doing something we are all interested in? learning computer security.

(i'm not saying what he has done is right, but honestly, if my logfiles would show a specific ip a lot of times i wouldn't worry, i would worry more if it isn't in the logs, since then that means they have found a way to get past it ;)

if someone would ever hack into one of my systems i would slam myself for the head, close up every little hole i can find and patch everything (although i also do this without an attack).

it is not hard to use an exploit someone else has written, it is a lot harder defending yourself against it. so the main challenge is in securing your box, not to find another exploit which will work on his.

just my 2 cents B)

Edited by white scorpion

I was under the impression that this was trashing his system (slowing it down or even making it crash) by eating up all his bandwidth and other resources almost like a DoS attack.

plz correct me if im wrong


I have basic ADSL, the machine serving the web runs on a 400+ MHz processor, and hosts multimedia files. Things are slow enough as they are. The guy can 'learn' all he wants. I'd just rather he do it somewhere else. Locking my front door doesn't give thieves the right to beat on every inch of surface area outside my apartment. And if I'm packn my 9 you know I'm gonna blast that ass if I catch 'em! Ok, I don't have a gun really but the point is if you catch someone trying to break in to your "place" repeatedly (making enough attempts to be on two pages of the logs) you'd notice it.

As for the "someone else's IP address" thought, you're probably right. If only there was a way to prove it. <_<


edited as irrelevant.

Edited by 10nix

This is still going on? Wouldn't it just be easier to block his IP address? As for proving it, that's up to the ISP to handle. And the "judges" have decided to retaliate based on the number of votes? :huh:

Nice knowing ya man. Don't bend over to get the soap. ;)

PF

> This is still going on? Wouldn't it just be easier to block his IP address? As for proving it, that's up to the ISP to handle. And the "judges" have decided to retaliate based on the number of votes? :huh:
>
> Nice knowing ya man. Don't bend over to get the soap. ;)
>
> PF

rotflmao.

Look into your /etc/*.deny file and add the sucker. Even better do it at your router.

