[H-GEN] (AUSCERT#38535) Re: The recent spate of port scans and intrusion attempts. (fwd)

Andrae Muys a.muys at mailbox.uq.edu.au
Tue Jul 21 20:55:17 EDT 1998


On Wed, 22 Jul 1998, David Starkoff wrote:

> In other words, it is an element of the offence (ie. something which needs
> to be proven beyond reasonable doubt) that the person actually intended to
> do the nasty things.  (What the nasty things actually are vary between the
> offences.)  This is subjective.  The `ought reasonably to know' is
> objective, and is the classic `reasonable person' test.
> 
> So, basically, the offences aren't ones of strict liability.  If you
> accidentally do something nasty, you won't be guilty.[2]
> 
However on the other hand it is rather hard to _accidentally_ strobe a
machine.  Even harder to accidentally strobe an entire domain :).

> But the Commonwealth legislation only applies in certain areas, mainly
> when the Federal Government can claim jurisdiction.  See sections 51 and
> 52 of your friendly local Constitution.[3]
> 
> For your vanilla case of individual against individual, then you'll have
> to resort to State legislation.  (Although, if you used Telstra along the
> way, then s 76D would probably apply.)  Additionally, s 76F doesn't
> exclude the State laws.

In actual fact this is how they get jurisdiction.  Basically, if at
any time during the attack at least one packet was routed via a University,
or Telstra, or a Government Agency, even if they weren't the object of the
attack, the federal government claims jurisdiction.  (Source: A talk I
attended presented by a member of the Federal Police Computer Crimes Squad).

> Generally, you'll only ever attempt to access a machine when you know its
> address.  And how do you know its address?  Because it's been told to you.
> It either comes from the operator of the machine (in which case you have
> consent) or someone else (in which case you can plead mistake of fact if
> you weren't meant to be there).

Still even if you obtained the address from the operator, it's hard to
claim consent when you strobe the IMAP/POP ports (if you are aware you
don't have an email account there).

Andrae

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Andrae Muys              "I have no wish to recite ... stratagems, for they
andrae at humbug.org.au     have all the same end in view, which is, to oblige
My stuff, Linux stuff        the enemy to make unnecessary marches in favor 
http://www.uq.edu.au/~cmamuys/   of our own designs." - Fredrick the Great.




