Re: All China, All The Time

["Steven J. Koch" <steve.koch () gmail com>]

> I could only imagine.  The other problem is that many people seem to think I'm saying something against
> the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call
> ME racist).  They don't seem to get the clear distinction (to me) between the Chinese people and China's
> network.  It's the machines I'm concerned with the attacks coming from those machine.  Just because the
> machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against
> the machines.  However, that unfortunately comes across to those who choose not to think it through as me
> saying something against the Chinese themselves.

> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational,
> and to have something to rail about.  In the face of the reality of China's horribly infected network, when I
> suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudice
> and a racist.


The following is opinion, not necessarily fact.

I'm not sure how blocking a country's traffic is racist. This would
seem to me that the people saying this believe that only one race
lives in that country. I agree with blocking China's traffic in the
situations where you can do so without negative impact.

The question that China's government should be asking is "Why are
people choosing to use servers located in China to perform these
attacks?". The answer to that question likely has something to do with
consequences. You see, for the most part people are driven by
consequences. If there are bad consequences to performing the attacks
from servers in the U.S. but there aren't any bad consequences to
performing the attacks from servers in China then clearly I would
choose China.

While penalties for "hacking" (why can't anyone use the appropriate
term, cracking?), have become more severe in China, unfortunately
those outside the jurisdiction of China's laws have nothing to worry
about because the Chinese government is not working with other
governments to pursue these people.

The bottom line is that if Antartica's network was flooding my
networks with malware, viruses, attacks, etc., I'd block them too. Now
maybe that makes me racist against Penguins, birds, whales and seal,
but oh well.


Kind regards,


Steven J. Koch
Systems Development Engineer





On Fri, Jan 15, 2010 at 12:15 PM, Gadi Evron <ge () linuxbox org> wrote:
> On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
> > I could only imagine.  The other problem is that many people seem to think I'm saying something against the Chinese 
> > *people* themselves, based on the "f* you round-eye* messages I've received (and they call ME racist).  They don't 
> > seem to get the clear distinction (to me) between the Chinese people and China's network.  It's the machines I'm 
> > concerned with the attacks coming from those machine.  Just because the machine is sourced in China doesn't mean the 
> > attacker is - so I have to do the best I can to defend against the machines.  However, that unfortunately comes 
> > across to those who choose not to think it through as me saying something against the Chinese themselves.
> >
> > Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational, and to 
> > have something to rail about.  In the face of the reality of China's horribly infected network, when I suggest 
> > blocking that traffic (as many others have and do), they seize the opportunity to call me prejudice and a racist.
>
> The Chinese network is indeed very infected, which in turn causes the rest of the world great computerized harm. 
> Nobody disputes this.
>
> The solution of blocking China, however, is one which harms both people outside of China, as well as those inside of 
> China. Therefore, it translates into an attack on them.
>
> Looking it this operationally:
>
> 1. Functionality
>
>        Do you have clients who need to interconnect with China's
>        networks, or expect people to connect to you from China?
>
>        If so, the cost of security by blocking may be unjustifiable.
>
> 2. Urgency
>
>        If a lot of IP sources attack you from China RIGHT NOW, and you
>        need immediate mitigation, blocking China short-term may work,
>        but obviously not as a permanent solution.
>
> As to "getting rid" or "refusing to connect with" networks with extremely bad reputation, that may be quite 
> acceptable on an individual bases, but not on the Internet-scale, as things stand right now.
>
> When I facilitated making Atrivo (and others) no longer welcome on the Internet, it was a brand new move, and it 
> helped change the social belief of "don't be the Internet's firewall" to "some bad actors shouldn't be here, but 
> generally don't be the Internet's firewall."
>
> Such social change to encourage new technological and operational solutions happenes every 2-5 years or so, and I 
> don't expect anything large enough such as an AS-based reputation system to happen anytime soon.
>
> Also, you should consider that such actions also have direct political and diplomatic ramifications neither of us 
> understands.
>
> So, for now, I'd say that each of us should make such decisions by our own risk analysis with the trade-off between 
> costs and benefits in mind, and only for our own networks.
>
> Aside to that, I know some people in China who work very hard on security, and do a better job than we do at it. But 
> that does not mean the situation as it stands now is acceptable.
>
> > IOW, I really don't think the tag had that much to do with it now...
>
> People are just picking on you because they can. I can only share how I see such Internet discussions.
>
> Cost of doing business, just consider your responses on a level of (time == money) && what your response would gain 
> for you or the community. If the answer is nothing, then examine whether you still believe it is worth it. If yes, 
> just do it. If not, move along.
>
> That is my basic guideline after years of trial by fire.
>
> Also, you will always be misunderstood, be careful in your language, but not so much that tl;dr. State your case with 
> the obvious exceptions, and discuss misunderstandings later. As trying to anticipate everything as an opposite 
> example to just saying what you think would mean people will just nitpick on one lower-hanging fruit item, or ignore.
>
>        Gadi.
>
> > T
> >
> >
> >
> > > -----Original Message-----
> > > From: Gadi Evron [mailto:ge () linuxbox org]
> > > Sent: Thursday, January 14, 2010 6:27 PM
> > > To: Thor (Hammer of God)
> > > Cc: bugtraq () securityfocus com
> > > Subject: Re: All China, All The Time
> > >
> > > On 1/14/10 8:09 AM, Thor (Hammer of God) wrote:
> > > > So, apparently my "witty" tag via Google Translate means something I
> > >
> > > didn't quite mean.  Surprise, surprise.  Luckily it wasn't something
> > > vulgar, (that's what I get for trusting Google Translate and trying to
> > > be funny) but what I meant it to say was "If you can read this, don't
> > > bother replying because my servers won't get it."  However, it seems to
> > > mean something like "don't reply because you are not welcome here" or
> > > similar.  That wasn't my intention, as it seems to infer I actually
> > > have something against the Chinese people and not their networks, which
> > > I take issue with.
> > > > Sorry for the poorly translated reference.
> > >
> > > People always try and send me Hebrew using Google Translate... it's
> > > usually word for word which means it breaks sentence structure. Then it
> > > misses context, translating words with different meanings. Then it
> > > completely mistranslates by using the root of the word, or similar,
> > > anything it doesn't know.
> > >
> > > All in all, while it can't be confused with real Hebrew, it is quite
> > > clear.
> > >
> > > Chinese seems a bit (understatement) more complicated, though. Hebrew,
> > > while hard to learn at first, is a very easy language when considering
> > > most parameters.
> > >
> > >        Gadi.
> > >
> > >
> > > --
> > > Gadi Evron,
> > > ge () linuxbox org.
> > >
> > > Blog: http://gevron.livejournal.com/
>
>
> --
> Gadi Evron,
> ge () linuxbox org.
>
> Blog: http://gevron.livejournal.com/