Should DDoS be legal?

View previous topic View next topic Go down

Should DDoS be legal?

Post by Oxodium on 7/3/2015, 6:22 pm

The controversal question; Should launching a DoS participating in a DDoS attack be legal?

Sources:
Some sources to read up about what a DDoS attack is, and the difference between DoS and DDoS:

1. What's the difference in DoS and DDoS?  http://www.webopedia.com/TERM/D/DDoS_attack.html
2. Operation Payback from 'Anonymous' (example of DDoS and cyber protest) http://en.wikipedia.org/wiki/Operation_Payback

For the sake of this debate, we're going to be talking about DrDoS rather than using a 'botnet' to launch an attack. This is mainly because a botnet breaks more laws which kinda is a dominating factor in the debate.

A source on DrDoS: http://www.ukfast.co.uk/blog/2013/05/02/backtobasics-what-is-a-drdos-attack/
NOTE: Rather than using a smaller botnet like this talks about, we'll talk about a dedicated server with IP spoofing & IP-header modification enabled in order to do the same attack without breaking further laws.

DDoS and the law:
Summary
DDoS attacks are almost certainly against the law, with a maximum punishment of ten years in prison. One merely needs to act with the intention of taking down a website, however temporarily for the law to apply. Even distributing tools to use in DDoS attacks can be an offence.
(taken from: https://legalpiracy.wordpress.com/2011/01/10/ddos-attacks-and-the-law/ )

Spoiler:
Interesting points on the topic]
$150 can buy a week-long DDoS attack on the black market.
More than 2000 daily DDoS Attacks are observed world-wide by Arbor Networks.
1/3 of all downtime incidents are attributed to DDoS attacks.
( http://www.digitalattackmap.com/understanding-ddos/ )
Cloudflare is useless unless you can hide your backend IP address or spent $5k/month
DDoS attacks are often small (under 10gbps) and often for around 30 minutes
( https://centarra.com/2014/03/14/5-facts-about-ddos-attacks.html )

points:
1. DDoS can be used for stress testing purposes
2. DDoS can be used to test DDoS mitigation before it becomes a 'real' scenario
3. DDoS can be used for Cyber protest - see Operation payback
4. DDoS has other uses - such as 'taking down' scammer websites
5. Most DDoS attacks launched through DrDoS can be mitigated - encourages learning for website owners
Will probably add more. I'm assuming most people will be against it being legal so you can make your own points, if this isn't the case I'll edit this with the points of it not being made legal.

Oxodium
Forum Fanatic (1000 posts)
Forum Fanatic (1000 posts)


Back to top Go down

Re: Should DDoS be legal?

Post by Justin on 8/3/2015, 5:19 am

I guess i'm not answering this in a "debate like" way, but taking down someone's personal internet connection should obviously be against the law. People pay for a service, and if you take it away you are effectively stealing. Do it to businesses or companies and it's even worse. It doesn't even come close in my mind... clearly should be illegal.
avatar
Justin
Grandmaster (2000 posts)
Grandmaster (2000 posts)


Back to top Go down

Re: Should DDoS be legal?

Post by Oxodium on 8/3/2015, 2:03 pm

Justin wrote:I guess i'm not answering this in a "debate like" way, but taking down someone's personal internet connection should obviously be against the law. People pay for a service, and if you take it away you are effectively stealing. Do it to businesses or companies and it's even worse. It doesn't even come close in my mind... clearly should be illegal.

I partially agree with you, there should be laws implanted that would stop the abuse for random people.

And about business and companies, what happens if they're scamming people? You'd be breaking the law just for protecting people.

Also, right now if there was a website that was promoting something like child pornography on the clearnet and you stepped in and took action against the website, stopping pedophilia and safe guarding children you would still be breaking the law and could go to jail.

What's your opinions on those two scenarios?

Oxodium
Forum Fanatic (1000 posts)
Forum Fanatic (1000 posts)


Back to top Go down

Re: Should DDoS be legal?

Post by Kelly on 8/3/2015, 3:16 pm

Oxodium wrote:
Justin wrote:I guess i'm not answering this in a "debate like" way, but taking down someone's personal internet connection should obviously be against the law. People pay for a service, and if you take it away you are effectively stealing. Do it to businesses or companies and it's even worse. It doesn't even come close in my mind... clearly should be illegal.

I partially agree with you, there should be laws implanted that would stop the abuse for random people.

And about business and companies, what happens if they're scamming people? You'd be breaking the law just for protecting people.

Also, right now if there was a website that was promoting something like child pornography on the clearnet and you stepped in and took action against the website, stopping pedophilia and safe guarding children you would still be breaking the law and could go to jail.

What's your opinions on those two scenarios?  

Imo if someone is scamming people or doing something harmful to others, aren't there already laws and practices in place to protect the people? And what if it's simply one hurt individual who feels they were 'scammed' who decides to take down the business, rather than multiple people affected?

In regards to websites that promote stuff like child pornography, I think it would be better to go to the root and handle those problems themselves with enforced laws, rather than sanction people ddosing a site(s).

Plus, at the end of the day I think mostly smaller, random websites are most likely affected. I've seen lots of sites taken offline because someone wasn't following the rules and got banned, so since that banned individual is butt hurt, they ping the site to all hell until they can get Cloudfire (or something similar) and/or the paid one for fullest protection.

Just my opinion, like Justin not so much a debate like fashion. My current net connection simply isn't strong enough for it, can barely load webpages let alone Google for intensified info.

_____________________





MY iEMZ PC CEREMONY AWARDS (2014):
~*~ iEmz PC Awards Winter 2014 ~*~





MY SM CEREMONY AWARDS (2012 TO 2014):


avatar
Kelly
Grandmaster (2000 posts)
Grandmaster (2000 posts)


Back to top Go down

Re: Should DDoS be legal?

Post by Oxodium on 8/3/2015, 5:02 pm

Kelly wrote:
Oxodium wrote:
Justin wrote:I guess i'm not answering this in a "debate like" way, but taking down someone's personal internet connection should obviously be against the law. People pay for a service, and if you take it away you are effectively stealing. Do it to businesses or companies and it's even worse. It doesn't even come close in my mind... clearly should be illegal.

I partially agree with you, there should be laws implanted that would stop the abuse for random people.

And about business and companies, what happens if they're scamming people? You'd be breaking the law just for protecting people.

Also, right now if there was a website that was promoting something like child pornography on the clearnet and you stepped in and took action against the website, stopping pedophilia and safe guarding children you would still be breaking the law and could go to jail.

What's your opinions on those two scenarios?  

Imo if someone is scamming people or doing something harmful to others, aren't there already laws and practices in place to protect the people? And what if it's simply one hurt individual who feels they were 'scammed' who decides to take down the business, rather than multiple people affected?

In regards to websites that promote stuff like child pornography, I think it would be better to go to the root and handle those problems themselves with enforced laws, rather than sanction people ddosing a site(s).

Plus, at the end of the day I think mostly smaller, random websites are most likely affected. I've seen lots of sites taken offline because someone wasn't following the rules and got banned, so since that banned individual is butt hurt, they ping the site to all hell until they can get Cloudfire (or something similar) and/or the paid one for fullest protection.

Just my opinion, like Justin not so much a debate like fashion. My current net connection simply isn't strong enough for it, can barely load webpages let alone Google for intensified info.

Well the websites that scam often stay up for months, especially when you pay in a non-reversible currency such as bitcoin or litecoin.

As for websites that promote child pornography, what happens when they are a .ru domain and are hosted in russia? The age of consent in Russia is far lower so it's legal to be hosted inside of Russia, whilst places like the FBI or CIA have absolutely no control over 'seizing' the domain. In cases like this would a DDoS attack not be useful?

As for smaller websites, would it not encourage website owners to learn basic networking in terms of the protocols, how they are abused during a DDoS attack, then how they can be mitigated?

Due to the statistic in the original post of most DDoS attacks being under 10gbps they are easily mitigated by doing things such as filtering junk traffic (which renders most current 'SSDP' attacks completely useless). This would also encourage DDoS attacks not to be against small websites as A) The host would be able to mitigate against the attack B) The website administrator would then be able to add further DDoS protection to render these smaller attacks ineffective.

Also, as for cloud flare - most people don't realise that it is completely useless, there are a range of 'tools' out there that people can use in order to get the back end (real IP) for the website and then be able to take it down, the exceptions for this would be the experienced website owners who know how to hide the backend IP or the websites that are able to afford the $5000 per month fee for CloudFlare's protection.

The advantages of an average DDoS attack hitting at around 10gbps means that websites wouldn't be effected much unless there's several more people taking part and making the attack much higher in terms of volume to render it offline, such as in a cyber protest.

Just a little thought: What about the 'Anonymous' or 'th3j35t3r' who are taking target at ISIS websites? They could go to prison due to the fact that they're using methods of DDoS - but they're stopping ISIS from recruiting members and thus saving lives.

Oxodium
Forum Fanatic (1000 posts)
Forum Fanatic (1000 posts)


Back to top Go down

Re: Should DDoS be legal?

Post by Justin on 10/3/2015, 8:32 pm

I agree with Kelly. Let the law handle things and use the institutions we have in place to assign blame. Don't be a vigilante and take down a site with DDoS attacks.
avatar
Justin
Grandmaster (2000 posts)
Grandmaster (2000 posts)


Back to top Go down

Re: Should DDoS be legal?

Post by Oxodium on 11/3/2015, 5:40 pm

Justin wrote:I agree with Kelly. Let the law handle things and use the institutions we have in place to assign blame. Don't be a vigilante and take down a site with DDoS attacks.

This debate seems to have derailed from the law, the point is being that you could get sent to prison in order for taking offline something like a child pornography website or even an ISIS recruitment website.

You have ignored my point about different age of consent laws so for example hosted if a child pornography site gets hosted in Russia and the institutions we have in place can't do anything about it - then what other choice is there?

Oxodium
Forum Fanatic (1000 posts)
Forum Fanatic (1000 posts)


Back to top Go down

Re: Should DDoS be legal?

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum