funsec mailing list archives

Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)


From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 19 Oct 2009 08:18:43 -0400

On Mon, Oct 19, 2009 at 12:25:02AM -0700, Paul Ferguson wrote:
> I'm wondering -- through watching this thread -- if people actually think
> spam is the biggest threat we face on the Internet?

Precisely.  I'm appalled that most of a decade after the zombie problem
was reasonably well-understood, we are still seeing the launch of
"security projects" (to lump a number of things together under an
overbroad phrase) which are obviously pre-failed -- like the boneheaded
Comcast pop-up plan that started this thread.

And as much of a threat as the zombies are, they're only a tactic that's
part of larger strategies deployed by well-organized operations employing
some very smart people; so even if zombies disappeared tomorrow, they'd
just be replaced by another approach.

Equally appalling (to me, at least) has been the sharp decline in the
sense of responsibility among network and system operators.  I've always
maintained that one's first duty isn't to one's users, or to one's
management -- it's to the entire rest of the Internet, because without
their goodwill and cooperation, the entire implicit social contract that
allows the Internet to function breaks down.  That's why, on 11/3/1988,
we pulled our own plug at Purdue: we had very good reason to believe
we were a threat to our network neighbors, and that was the fastest,
best way to mitigate it.  It was the right thing to do, and we did it --
as did any number of others in the same situation.

Compare and contrast with this statement from several years ago (while
we're talking about Comcast):

        "We're the biggest spammer on the Internet," network engineer           
        Sean Lutner said at a meeting of an antispam working group in           
        Washington, D.C., last week.  

Yet, they didn't pull their own plug.  They didn't do anything meaningful
about their zombie problem (PR exercises don't count).  They just wallpapered
over it by belatedly blocking outbound port 25 connections YEARS after
this problem was exceedingly well-known.  And in the interim, they
deliberately allowed their operation to be the source of an incredible
amount of abuse.

They're hardly alone.  Anyone who's watching their logs and hasn't
firewalled out the relevant network ranges sees the same all day, every
day from Verizon and Tiscali and PLDT and Charter and Blueyonder and
all kinds of other operations.  And along with it, the SSH brute force
attempts, the HTTP exploit attempts, the port scans, the DNS probes,
the zombie-hosted phish sites, the malware, etc.

It is this utter failure of responsibility, this profound negligence,
that I think is every bit as much a threat as The Bad Guys.  It allows
them to operate with impunity, since they know that any action will
very likely be slow, ineffective, and easily countered.

---Rsk