[jackowayed]

Is sending out one packet that firesheep happens to break firesheep a DoS? It's not even targeted at that computer--it's just sent out on the network.

What about if I setup a device on the network that blinks a light whenever it sees that packet? I'm not trying to kill firesheep--I'm just trying to blink that light, and firesheep happens to be grabbing the packet and breaking.

I'm not just trying to be difficult; I'm genuinely interested in what would and would not constitute an illegal DoS under US Law.

[david_shaw]

Although technically illegal, "network self defense" would be a reasonable defense in a case such as this. Firesheep is designed specifically as a sniffer (legal to possess, illegal to use to steal data), and breaking its sniffing and crashing the host software really isn't going to be prosecuted. Remember that this won't DoS anything unless someone is running Firesheep against you.

Think about this: government-funded researchers in security run massive honeypots that attract hackers, who are then observed. Researchers often try to hack back through the botnet, as the Computer Security Group at UCSB did in their well-publicized ten-day takeover of the Torpig network.

Edit: Some more data:

"At the beginning of 2009, we took control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected."

So these researchers took over the botnet and downloaded 70 GB of data that they sniffed. That's not just data on the botnet itself, but identifying data of the hosts that Torpig had infected. In this case, we have no idea what data was being siphoned around (although presumably not credentials, it's feasible that CC#'s were being moved to and from controllers). So whatever data Torpig stole, times 180,000 infections. We trust these guys because they're researchers, but are they above the law in a case such as this? Just something to think about!