Slashdot Mirror
Killing Others' Malicious Processes
Roland Piquepaille writes "This opinion is not mine, but the one of Tim Mullen, from SecurityFocus Online. In this story, he expresses some strong ideas regarding systems infected by worms. "I believe you should have the right to neutralize a worm process running on someone else's infected system, if it's relentlessly attacking your network. I've even written code to demonstrate the process. Though the initial news coverage of the concept was grossly inaccurate in conveying my ideas, it has stirred up a constructive dialog. I knew my idea was controversial, but I was wrong about something -- I figured everyone in the security biz would "get it" and that the hard part would be convincing everyone else that if they can't or won't secure their machines, we as the defenders would have the right to terminate the process attacking us. It has turned out to be the opposite." The author then looks at the criticisms about this strikeback idea raised by some security experts -- to dismiss them of course. Check this column for a summary or read the original story for more details."
I'd rather see a set of worms released that infected machines on the scale of say code red or nimbda - but actually patched security holes, and or closed all the ports on the host machine. If the ports already closed by the machine were in actual use, the user would have the option to open the ones needed manually.
I agree with this! I work for an ISP, and when we come across a user that we cannot contact to notify of problems, we simple disconnect them untill they can prove they have resolved the problem. Its worked wonders. We see so much less virus activity trying to hit our mail servers, and we've had alot less complains about people having a virus or worm.
Can all fish swim?
"Since the owner of a system has no responsibility for the actions of a worm, or any malicious process, that runs without their knowledge, I submit that they also have no rights to the process. No responsibility means no rights.
So, if they have no rights to the process, there is no infringement against them when we neutralize it. If someone wants to claim that their rights were violated by our taking out the attacking process, then they should be held accountable for the actions of the process from its inception. They can't have it both ways. "
That, I think, is a good point. The solution, however, is not to make the counterattack legal, thus continuing to absolve people of responsibility, but to make the owners of the systems legally responsible for their failure to secure their systems. If your system is 0wn3d and used to launch a DDoS attack on AOL (or Slashdot, Kuro5hin, whoever), then AOL should have the right to sue you for damages. Your incompetence caused their loss.
You say you can't afford to pay? Tough. Should have thought of that before you put your insecure system online. You say it's the fault of the manufacturer for selling the insecure system in the first place? Take them to court. Too expensive? Well, if their system is too expensive to use, then people won't use it.
That is bsolutely the correct way to go, rmadmin. I report the problem server to abuse@problemserver'sISP and they usually inform the server's sysadmin/dork and disconnect the server until the problem is fixed.
I'm not really a web designer, I just play one on the Internet.
block that IP in your firewall.
I'm constantly getting hit from taiwan and SE Asia so I block the whole class C if it gets worse I go up from there. Seems to solve 99% of my problems.
I'm not sure that this is what the author of the article was talking about. But, I think you're more on track than he is.
Maybe I'm missing the author's point, but it didn't seem like he offered any clear solutions? Who will have authority to kill the said processes? Will the ability for those authorities to do so be implemented in the OS?
It's a noble idea, but certainly not ready for prime time. Holding people legally accountable for their own systems seems like a better solution, although nobody really sees that happening in the near future. For now, shutting the trouble machines out of the network while the user of the machine isolates the problem seems to be the easiest, safest, and most reasonable way to deal with worms and whatnot.
Sounds like a great scam to me. Here's how the dance could go:
... profit!)
1) Create a worm that will at some point perform a DDOS attack on my machine. Make sure it's nice and quiet so that it isn't detected until attack day.
2) Wait until my site is attacked by the worm. Whine and moan about the lack of security on the other machines.
3) Pick from among the richest "attackers" and sue their pants off...
(Oh yeah,
A friend of mine once said, "The only secure system is one that's not connected to the wall outlet." The hackers will always find something new to break into and everyone else will diligently (sometimes) try to stop them. The problem is that everyone's idea of diligence is different and someone with an itchy trigger finger killing off my processes at the drop of the hat isn't my idea of better security.
Plus, whatever means the security patrol uses to shutdown the offending processes will likely be exploitable in itself. If ssh is getting hacked then certainly this little back-door will too.
Having been the victim of the effects of Code Red (our Linux boxes we not affected, but the hosting facility we were in was overwhelmed with traffic from all of it's unpatched IIS servers), I can certainly see the reason as to why this software was developed. Our site was inaccessible for close to half a day, because of other people's inability to keep security at the forefront of their minds. We were powerless to do anthing but wait for our hosting providers to track down all of the offending servers at our location and fix them.
I remember being so angry at the time and I would have welcomed the scenario where a "strikeback" type of application would have put a stop to this problem in an automated fashion. I'm sure part of the creator's reasoning is that if people's systems are left vulnerable to various worms, then there should be no problem allowing his software to "fix" the problem. Perhaps an applicable anaolgy would be a fire spreading from house to house on your block and "strikeback" acting as the firemen putting a stop to it. Firemen often make a huge mess of buildings when putting out fires (cutting through walls and roofs, dousing everything with water, etc), but the ends justify the means.
On the other hand, the "strikeback" process could almost be considered like a vigilante mob, having the best of intentions, but essentially operating outside the bounds of the law. Secretly, we might root for them, but in essence we really need the police to do the job, thereby obviating the need for the vigilante mob.
In regards to the world of crimes committed against servers, I just don't who the actual police are. So many of these attacks happen without anyone being punished. The FBI has a policy of not even spending any time investigating any computer crimes where the damages cannot be proven to exceed US $20,000. That leaves a great deal of smaller businesses / websites essentially unprotected by anything except for their own ability to manage their security efficently.
Strikeback is just a reaction to the frustration of having to deal with all of these continuously spawning worms / attacks without anything being done to counteract them other that react after the carnage is already done. I'm not saying it's the right solution, but I certain can see why it is here ...
Strikeback's just slightly misplaced. It's clear attacking computers need to be stopped, but it's much easier to have DCMA-style takedown process where legal notice is served on an ISP to takedown the offender, and filing a false report opens the false reporter to legal liability.
This is just a guy out looking for kicks and fun. If someone is "probing/attacking" your network thanks to a worm and you can't contact them, the solution is simple:
You simply block off their traffic.
Close your blinds, your door, or whatever real world analogy you would like to try and apply. You have the right to send the same traffic back to them, monkeyseemonkeydo, but in no way is it possible to justify altering the running of their machine. Doing so, is no better than the malicious process already causing the damage.
--- I do not moderate.
I can't remember the name of the company, but last year I had just installed IIS, then ran to the store. By the time I got back, around 45min later, I had already been hit by CodeRed. There was a message on my screen saying 'You have been infected by CodeRed. We did not infect you. Your server is trying to infect us. Please look on your hard drive to prove how open your system is. You can click here for more help. Again, we did not infect you.' (something like that anyway.) They left a small folder in my WINNT/system folder that had a link to them. Once I clicked their link they had other links on how to remove it, you could download the script they wrote so you to could load it and detect other people infecting you. And they had stats on how many servers had tried to infect them already (around 2000), and they explained more how they were only trying inform those that were attempting to infect them to be more aware about codered. I have the link and script at home, not with me here. Sorry.
Yes, and.. one point I haven't seen made yet: The government can't vaccinate your children without your permission. They can kick them out of school, isolate them and make your life pretty miserable, but they can't invade their bodies without due process of law, which is missing in this equation.
And now DUCK, because here comes the straw man:
I think the main reason for the knee-jerk criticism from the likes of Schultz is that they work largely in a theoretical rose-colored world of security, where all problems are solved after a cup of coffee and a bit of pontification
While it's valid to argue that Shultz is responding knee-jerkedly (somebody have a better adverb?) It's not valid to attack him by virtue of the fact that he's an academic and to denigrate him with the cheap-shot coffee comment.
Academics study things like unintended consequences, the big picture, etc.. These are things most geeks can't be bothered to consider. While stupid academics tend to rise to the top in the media, very few are actually addle-headed theoretical bloviators. These smart people can contribute a lot to our discussions.
As for the actual argument about killing others' rogue processes, I don't have anything original to say, but in the "real world" it would be called vigilantism and trespassing.
Yes, it's a blog. Sorry if that offends you.
This concept relates to self-defense, and deadly force. Follow along with me...
If a person is in public, and is threatened, that person must make every reasonable effort to avoid the use of deadly force as a means of self defense, prior to useing such force. He must attempt to leave the scene, etc. In short, there is a Duty to Retreat.
If, however, that person is in his home, his own property, that person may use deadly force as a means of self defense without having to exhaust every means of escape or avoidance. On his own property, a person has No Duty to Retreat.
How is the scenario for Cyber-attack any different? Unlike most of the people commenting on this article, I believe you do have the right to take active measures in protecting your property.
Obviously, we're not talking about deadly force... We're simply talking about electronic countermeasures.
If an unsecured system on the Internet has been infected by a malicious program, and is now launching it's own attack against your system, your property, denying you the use of bandwidth or resources that you are paying for, I think you're perfectly within your rights to put the attack down, and if necessary, the offending system.
A person utilizing the Internet has a certain responsibility not to cause harm, either through action, or inaction. Most people on the Internet today seem tragically unaware of this. Without this, the Internet is ripe for a tragedy of the commons situation.
Is it wrong to still believe that with Rights come Responsibilities, or that with Priviledge comes Obligation?
Your rights to swing your arms around recklessly ends at the tip of your fingers, and at the beginning of my nose.
I think Tim Mullen is 100% correct, and I'm surprised there aren't more people that agree with him.
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
- You know they're vulnerable, because you know how the worm got in.
- Everyone else knows they're vulnerable, because the worm is being noisy about it.
Face it, those systems are going to get owned, one way or another. His proposal is to neutralize them before some script kiddie strings them all together for a DDOS attack.The converse is that a properly patched system is NOT vulnerable to strikeback, because the strikeback proposal only targets well-known worms. If your systems are vulnerable to well-known worms, then you have bigger problems than the possibility of having a process killed by this guy's neutralizing agent.
So, he's not talking about giving or gaining any kind of power. The ability is already there. He's talking about whether or not it's a good idea to use it.
I maintain a small number of servers, for a research project. All of these run the minimum of services for our purposes, have their own firewalls (in addition to the main organisational firewall), and once I apply the new packages for RHSA-2003:001, they will be up to date with all available patches.
This does not mean that they are unhackable. While it may be unlikely that someone will write a worm that uses a previously unknown bug, it could happen. By what you're saying, I'd still be liable. Should I have checked every single line of code my box runs?
As much as it may frustrate people when they get DDOS by wormed systems, this is not the solution. Better arrangements for having ISPs disconnect wormed systems, in my opinion, is the solution.
And if the opponent-machine is committing a DoS/flood-attack against my connection/machine?
Dropping the packets isn't going to save me from paying for the bandwidth, or unclog my connection ( this IS assault, we're talking about ), and no matter how I makebelieve that "they aren't touching my machine, therefore I have no right to touch theirs", it isn't that clear/simple ( they are obliterating my resources, for starters ):
If A PROCESS among their machine is attacking me & costing me, then have I the right to kill that process's action..?
If not, then assaulting/damaging others' ( by losing them their ISP/connection, or costing them thousands of dollars in bandwidth, or obliterating their livelihood's function ) is a right, and neither one's-own-resources, nor defensive-action is *equal* a right.
This *is not* the same as the "gun rights" discussion, though similar, because what I'm talking about is the right to kill their gun, not to kill them, see...
Messages to/for me ( in me journal )
The idea of writing "strikeback" scripts, as you describe, has been tossed around before. I recall reading a quick-and-dirty script for Apache posted on slashdot some time ago that would detect attacks from machines infected with Code Red, and would then exploit the security holes Code Red had opened on those machines to clean them. I used to support this idea, but I'm afraid after some thought, I've changed my mind.
I'd agree that if a worm is running on someone's machine without their knowledge, then the owner of that machine has no rights to that process (the obvious exception being the person who is spreading the worm, who runs it intentionally on his or her own machine, but we'll ignore him or her for now). In order for you to terminate that process, however, you have to break into their machine, and run your own process. You are, in effect, creating your own worm. Your worm may only run for a short while, and may be "for the greater good", but that doesn't change the fact that you are running code on other poeple's machines without their consent.
Even if we opt to ignore the ethics and look at this from a more practical angle, can you guarantee that your strikeback process is not going to adversely affect the machines it cleanses? What if your strikeback process causes a machine gathering scientific data to reboot, or kills the wrong task? This has the potential to set someone back by several days in their work. What if it reboots a machine monitoring medical equipment? You could end up killing more than just a process, if you catch my meaning, however unlikely that may be.
Since you are intentionally running a process on someone else's machine, you are accountable for it's results. If you cause damage to a machine, or cause data to be lost, even if it is inadvertant, you open yourself up to litigation from the owners of those machines.
Who will have authority to kill the said processes? Will the ability for those authorities to do so be implemented in the OS?
I thought the same thing. Having this type of infrastructure in the OS would probably create a lot more problems than it would solve. The OS of the compromised system can't possibly know which of its processes are hostile, so it must allow remote sysadmins to kill all processes. That can't possibly work in practice so some kind of filtering of what processes may be killed remotely is needed. The only sensible way of filtering, that I can think of from the top of my head, would be to allow remote users to kill only processes that interact with their machine, for instance the web-server box could kill web-client processes that connect to it. Now this would make sense to a point but still sounds like something that could be abused in a hostile environment by spoofing etc.
The author might of course also mean that the processes should be killed by attacking the infected computer through the same security hole that the original worm/virus used. Using this security hole the infected computer could be cleaned, and even patched. Now this scheme just might work, but it's probably illegal and perhaps immoral as well. I at least wouldn't like it if my machine would be patched remotely without notifying me. It might of course inspire worm writers to have the worm fix the security hole it uses by itself, which would be kind of amusing
Computers don't have rights or responsibilities. Processes don't have rights or responsibilities. If computer A attacks computer B (via a worm or whatever else.) and computer B "strikes back", self-defense is a fair metaphor, but it isn't a relevant legal or ethical argument, because the computer don't have rights.
Computers are property. More specifically, my computer is my property. I have a right to keep my property, and you have a responsibility to keep your hands off my property, and if you don't keep your end of that agreement, you've broken the law and I can bring the government into it.
Yes, your property rights are violated if my computer has a worm that attacks yours. Maybe the government will acknowledge that and step in, and maybe it won't. If you don't like the way the government handles this, elect somebody who will change it, write a letter to your legislators. But the government's refusal to step in doesn't mean, as Mullen asserts, that the owner of the attacking computer has no responsibility. It just means that the government has opted not to hold him responsible. The only way to fix that is democratically.
But suppose Mullen is right about that, and this person has no responsibility. He says "no responsibility means no rights". Wrong. The constitution says that no person shall be deprived of life, liberty or property without due process of law. In practice, that limits the action of government, not offended sysadmins. But the principle here is that my rights are my rights, and nothing I do, however, bad, foreits them automatically. Maybe, after a fair legal process, society (i.e. government) may decide to take away some of my rights (i.e. lock me up, fine me, whatever). But not before. That's a fundamental part of the social contract which makes us civilized.
Then Mullen makes a different argument: the rights of the many outweight the rights of the few. (Thank you, Spock.) Maybe. But the same principle applies. My rights are my rights. Maybe you can get a court order to require me to donate blood, if it will save 100 lives. But if you take my blood without getting the court order, you have still violated my rights and broken the law.
Now, if the guy who took my blood is a real hero, and believes what he did was right and necessary, then he'll say that going to jail is a small price to pay for saving 100 lives. Good for him. If Mullen really believes this is a case where the law runs contrary to ethics and morality, he can wear a grey hat and illegally hack systems for the greater good. But unless he's willing to wear a black hat, he'd better admit what he's doing it illegal, and a violation of rights, and be prepared to take the punishment when he does it.
IANAL, yadda.
DancingSword said: "Dropping the packets isn't going to save me from paying for the bandwidth, or unclog my connection ( this IS assault, we're talking about ), and no matter how I makebelieve that they aren't touching my machine, therefore I have no right to touch theirs, it isn't that clear/simple ( they are obliterating my resources, for starters ):"
Yes, but the correct approach is to complain to your ISP and have them firewall the offending packets off upstream, without making you pay for them. If you're a business customer this shouldn't be a problem for the ISP.
Then he said: "If A PROCESS among their machine is attacking me & costing me, then have I the right to kill that process's action..?"
No; you're not killing an action by firewalling their traffic. You are blocking it, just as you have the right to put a lock on your front door to block a thief from entering your house. You're not tying the thief to a telephone pole; he still has his liberty -- you're just keeping him out of YOUR house, which is YOUR right. See? Your rights end where the thief's rights begin, and vice versa.
Then he said: "If not, then assaulting/damaging others' ( by losing them their ISP/connection, or costing them thousands of dollars in bandwidth, or obliterating their livelihood's function ) is a right, and neither one's-own-resources, nor defensive-action is *equal* a right."
Now, you're using a non sequitur. You cannot proceed from the other proposition to this conclusion; it just doesn't work. Here is what I think the "rights" situation is (just to be clear):
I have the right to take action on MY OWN MACHINE, to prevent your machine from interfering with me. Thus, I can firewall your machine off from me, and I can ask my ISP to put in an upstream firewall to protect my business. This only affects MY machine, so it doesn't impact any legitimate rights of the attacker.
Even if an attacker is DOS'ing your server, you do not have the right to attempt to counter-hack him. Your rights end where his begin, you see: he has the right to expect privacy and noninterference on his system just as YOU do on yours.
The only appropriate action is to involve your ISP and the authorities. They can then take LEGAL action against the source of the attacks.
Farewell! It's been a fine buncha years!
I don't think it is a matter of holding everyone responsible for any attack that may come from their machine. It is about holding negligent users responsible for their negligent actions.
For exameple, if someone owns a gun but keeps it locked in a safe in their house and stores the ammo somewhere else, yet some master thief manages to steal their gun and use it in a crime, I doubt anyone would say that is the fault of the gun owner. However, if the same gun owner left the gun loaded and laying around on their front lawn and someone came by, picked it up, and shot somebody, they would be sued and/or arrested for their negligence.
The problem is determining at what point is a computer user negligent. Is your average consumer negligent for connecting their Windows box to a high-speed connection and not using any firewall software? Or is it someone who turns on various services like file sharing without knowing full well what they are getting into? Or is it anyone who takes reasonable precautions, but when they get cracked they don't realize it until their box has had a chance to eat up tons of somebody else's bandwidth?
While I may agree with some of this, I think it should be pointed out that securing your systems is not a binary operation; you can be a competent sysadmin and still get owned by the latest exploit if you didn't find out about it quickly enough. You can also get nailed by some obscure exploit that a duly diligent admin might not have known about.
You might also get nailed if you run an insecure application or allow users to run code on your system. My concern is that if you have a precedent like this, no one who can't afford an army of lawyers could afford to take the risk of being online, because the risk of getting sued into penury is too great.
Do we want to foster a system where only the very wealthy or highly-connected can afford to run a server on the Internet?
This is a much more frightening spector than anything else Tim mentions in his column. This mantra can and would be applied to many other areas if such a policy became commonplace. Apply this to dissemination of knowledge. Suppose I have data available on my webserver that is viewed as "malicious" say how to build a bomb or exploit commonly known vulnerabilities in a web server. Does this give someone the right to remove said data from my server simply because I have a disclaimer saying I have no responsibility for how someone might use this data? This sounds like a piggy back onto another round of "strategic protection of US citizens" i.e. read "strategic reduction of fundamental freedoms of US citizens".
"No responsibility means no rights" gimme a break.
with Mr. Mullen's proposal, is this.
He sees the world this way: 1. People are negligent, and allow machines to become compromised, which allows harm to come your way. 2. Therefore, if people will not defend their own machines, you should be able to defend yours by disabling theirs.
This is a little like the following: 1. People are negligent, and allow their cars to get stolen, which allows hit-and-run drivers to take you out with them. 2. Therefore, if people will not defend their own cars, you should be able to defend yours by being given a rocket launcher to disable theirs.
The second example sounds kinda weird, doesn't it?
I've watched "World's Scariest Police Chases" and suchwhat. If a driver's acting like a maniac, the police bust out these cars with large ramming devices on them, and beat the crap out of the offending vehicle. If someone is driving recklessly on the highway, I can't just take my SUV and ram them off the road myself.
While I may have justification for doing so -- after all, that driver is endangering me and those around me -- I do not have authority. There is a reason that only police are given the power of arrest and other various things they have. (Just try walking around with a pistol in broad daylight in Philadelphia, for example.)
Mullen would have us all issued shotguns, to defend ourselves from any would-be vandals and thieves who enter our homes. While it is justifiable for us to use these weapons against those who would cause us harm, is it really wise to give everyone a shotgun? There are most certainly those who would use them improperly. The obvious solution, of course, is to give everyone some sort of shield, that prevents them from being hit by a shotgun shell, to protect us from bad users of shotguns. But, uhm, then shotguns don't work against the vandals, because they have shields too. So a perpetual arms race against ourselves would develop.
There's a reason weapons aren't issued to us for our own defense -- collectively, we are not responsible enough to operate that way. Only special agencies are given the Authority to administer Justice; justice itself does not belong to the rest of us. Unfortunately, we don't have an "internet police force", nor would one even be desirable.
But ISPs can still pull the plug on users who aren't operating "correctly," and University and other networks can block down a MAC address if it's causing trouble. And that's about as close as we really should want.
After reading the article and the discussions posted on the CounterPane site, everyone seems to be harping on the same issues over and over again.
First of all, people are using really bad analogies to try and prove their point but I think they're just missing what exactly Mr. Mullen is trying to say. Breaking into peoples houses, loud dogs barking, and slapping your neighbor's kid for mouthing off are just some examples of these (IMHO) "flawed" analogies.
I don't think you need an analogy to understand the situation. When is it ever LEGAL to be an unauthorized intruder in someone else's computer system? That's right, never. (If you have permission, it's not unauthorized. If you own it, it's not someone else's.)
The reasoning behind this proposal is to allow the "victims" of a "relentless attack on their network" the right to "neutralize a worm process running on the infected system". "Neutralize", in this context, can basically be read as "obtain unauthorized access to the infected system and terminate", presumably by exploiting some vulnerability in the system (since most modern OS's do not allow anonymous people to just terminate processes at will). However, in doing so, the "victim" here is assuming the role of an unauthorized intruder and thus breaking the law. And there's a damn good reason why things are set up like that (at least in the US).
Hell, even the police (supposedly), need a search warrant or permission to access your computer systems and read your data. Why would I want to give that ability to every "administrator" that hooks a system up to the internet just because they don't like the data that my computer is sending to theirs? If they don't like it, they have several available options including contacting my ISP to shut off my service, contacting their ISP to block my address at their upstream router, or (in the case of criminal actions) contacting the police. If what my computer is doing is not a criminal act, and neither my ISP nor theirs wants to act on it, maybe they need to find a new ISP or maybe what I'm doing is not a large enough nuisance for anyone except the "victim" to care.
Another problem with this proposal is what exactly constitutes a "relentless attack"? What about an attack that isn't relentless? What about unsolicitied commerical email (aka SPAM)? Who gets to say whether something is an "attack" or not? There is way too much "grey area" there for any sane person to just blindly give out ROOT LEVEL ACCESS to their systems based on such a statement (killing arbitrary processes is definately a root-level operation).
From his original paper, I found the following paragraph particularly troubling:
I say that we have the right to defend our systems from blatant worm attacks, and that we are within our rights to take measures to stop an attacking system from further infringing on our assets, consuming system resources and service availability, and from their ultimate attempt to compromise our systems.
He's talking about "Code Red" and "Nimda" specifically so I'll use those examples also. When you hook a web server up to the publically accessible internet, you are implicitly allowing other systems to send HTTP requests to you over port 80. How you can say that certain requests are "infringing on [y]our assets" is beyond me, but then again, I don't agree with much of the logic of Mr. Mullen's argument. And, yes, each request consumes system resources and if you get enough of them, it could affect the service availability of your web server. However, by putting up a web server, you are implicitly allowing such requests. As far as their "ultimate attempt to compromise our systems", that is a legal matter and should be tracked and referred to the police. You don't have the resources to do that? Well, how important is it for you that the "attacks" stop?
Sorry, Mr. Mullen, but I disagree with your proposal and your opinion that you should have the right to access my computer system without my authorization. Let's leave this up to the authorities and just worry about securing our own systems. Your "right" to defend your system/network from worms stops at my system/network.
I believe you should have the right to neutralize a worm process running on someone else's infected system, if it's relentlessly attacking your network.
Technically speaking, you do. No, I'm not kidding. It's called the right of "abatement", and it's a right dating back a millenium or so. It's even a defence to criminal charges that you were exercising your right of abatement in a manner that was reasonable in the circumstances.
The problem with this is that they might still charge you.
Now if you're willing to take the risk, the right of abatement is a right to take steps to prevent a trespass or nuisance affecting your property or your enjoyment of your property, even if this requires violating the property rights of somebody else from whose property the trespass or nuisance originates. For example, if somebody sits outside your house at midnight, playing a ghetto blaster at maximum volume, and refuses your request to stop, you can slap them around until they stop, or smash the ghetto blaster. Legally, you will be exercising your right to abate a nuisance.
Yes, theoretically this could be applied against spammers and open relays too.