As for legal grounds, the biggest one is the CFAA
(see http://www.law.cornell.edu/uscode/18/1030.html)
The Computer Fraud and Abuse Act prevents any unauthorized access
although this is limited to "Federal Interest" computers. It does not
require "intent to cause harm" (this was what rtm was convicted under)
There have also been applications of the Federal Wire Fraud Act in this
space (is this was that got lamaccia on?). This seems less applicable
considering no fraud was perpetrated in our case.
Many states have anti-tampering/hacking laws... I don't know if
Washington does, but California certainly does. The California law in
particular forbids access to a computer system without permission. Its
a criminal offense... $250 for first offence, $10,000 and up to three 3
years after that.
Finally, were we to send a "tough" message, they would simply escalate
to our lawyers. The prospect of UW standing fast to protect our right
to send unwanted packets at MCI's routers seems somewhat fantastical.
Not a fight worth having.
- Stefan
> -----Original Message-----
> From: John Snell [SMTP:geigudr@cs.washington.edu]
> Sent: Wednesday, July 15, 1998 9:34 PM
> To: Stefan Savage
> Cc: syn@cs.washington.edu
> Subject: RE: [5550] Re: Router Access Attempt
>
>
> You know, this statement makes no claims about the legality of our
> sending
> packets to their routers. We are in fact a major research university,
> with heavy DARPA funding, and a have valid excuse to be sending
> packets to
> them.
>
> I think a firm, polite statement, of "tough" is in order. Unless
> someone
> thinks that they actually have some legal ground to be standing upon,
> we
> should have no real problems with them.
>
>
> > > MCI Data Systems Security kindly requests that you do not make
> > attempts to
> > > access any of our routers. If you need some assistance for a
> problem
> > or issue
>
>
>
> On Wed, 15 Jul 1998, Stefan Savage wrote:
>
> > Date: Wed, 15 Jul 1998 21:19:20 -0700
> > From: Stefan Savage <savage@cs.washington.edu>
> > To: 'David Becker' <becker@major.cs.washington.edu>,
> syn@cs.washington.edu
> > Subject: RE: [5550] Re: Router Access Attempt
> >
> > Ooops... well, I guess we'll have to stick to end-to-end
> measurements
> > ;-)
> >
> > - Stefan
> >
> > > -----Original Message-----
> > > From: David Becker [SMTP:becker@major.cs.washington.edu]
> > > Sent: Wednesday, July 15, 1998 8:20 PM
> > > To: syn@cs.washington.edu
> > > Subject: [5550] Re: Router Access Attempt
> > >
> > >
> > > To keep everyone informed, MCI complained to C&C about a test I
> ran
> > > today.
> > > I checked one of their interior routers,
> > > core5.WillowSprings.mci.net(204.70.4.97)
> > > to see if any useful tcp ports connected.
> > >
> > > The idea is to measure asymetric per-hop drop rates using the
> state
> > > that any TCP
> > > connection must maintain. Most interior routers will respond to
> > > telnet
> > > and/or finger connections and thats all we need for the
> measurement
> > > (in theory).
> > >
> > > I will have to check my command history tomorrow to see precisely
> how
> > > I
> > > triggered MCIs security machinery.
> > >
> > >
> > > ------- Forwarded Message
> > >
> > > Date: Wed, 15 Jul 1998 18:04:53 -0700 (PDT)
> > > From: Linda Wright <lwright@cac.washington.edu>
> > > To: security@mci.net, yenbut@cs.washington.edu
> > > cc: noc@cac.washington.edu, aboone@Tymnet.COM,
> info@u.washington.edu
> > > Subject: [5550] Re: Router Access Attempt
> > > In-Reply-To: <9807160041.AA29703@january.Tymnet.COM>
> > > Message-ID:
> > >
> <Pine.ULT.3.95.980715180257.11050G-100000@shiva2.cac.washington.edu>
> > > MIME-Version: 1.0
> > > Content-Type: TEXT/PLAIN; charset=US-ASCII
> > > X-UIDL: b638be74afcad0445706f9ae3d57fcd8
> > >
> > > Thank you for your report. We have copied the domain
> > > administrator for CS.WASHINGTON.EDU on this email and
> > > they will be responsible for following up with you.
> > >
> > > wakko.cs.washington.edu:
> > > Internet address = 128.95.2.48
> > > Mail exchanger = june.cs.washington.edu, preference 10
> > > = trout.cs.washington.edu, preference 20
> > >
> > > - -Linda Wright
> > > University of Washington
> > > Network Operations Center
> > > 206.543.5128
> > >
> > > On Wed, 15 Jul 1998 security@mci.net wrote:
> > >
> > > >
> > > > MCI TELECOMMUNICATIONS CORP.
> > > > DATA SYSTEMS SECURITY
> > > >
> > > >
> > > >
> > > >
> > > > TO: University of Washington
> > > > FROM: Data Systems Security (Anita Boone)
> > > > SUBJECT: Router Access Attempt
> > > > DATE: July 15, 1998
> > > >
> > >
> ======================================================================
> > > ========
> > > >
> > > > MCI Data Systems Security kindly requests that you do not make
> > > attempts to
> > > > access any of our routers. If you need some assistance for a
> problem
> > > or issue
> > > > that regards MCI, you can contact our Internet support at
> > > 1-800/977-4662,
> > > > or send e-mail to trouble@mci.net.
> > > > Thank-You.
> > > >
> > > >
> > > > Router core5.WillowSprings.mci.net -Rsh connection attempt
> from
> > > 128.95.2.48
> > > > (2 times / 1 mins) Up-to-minute total count for 128.95.2.48 is
> 2
> > > > =====================
> > > > ERROR Message: Jul 15 19:35:44 core5.WillowSprings.mci.net
> 13402:
> > > Jul 15
> > > > 19:36:02.495 EDT: Attempted to connect to
> > > core5.WillowSprings.mci.net
> > > > from 128.95.2.48
> > > >
> > > > Where time is EDT.
> > > >
> > > >
> > >
> ======================================================================
> > > ========
> > > > data-systems-security@mci.com | Internet:
> security@mci.net
> > > > Voice: (408) 922-6004 | Fax: (408) 922-8870
> > > > http://ird.security.mci.net
> > > > Toll Free: (888) 860-3382
> > > >
> >
>
> ______________________________________________________________________
> _______
> "The human mind is a 400,000-year-old legacy application...and you
> expected
> to find structured programming?" -- Randall Davis, 1996 AAAI Pres.
> Address