funsec mailing list archives
Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups)
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 19 Oct 2009 08:18:43 -0400
On Mon, Oct 19, 2009 at 12:25:02AM -0700, Paul Ferguson wrote:
> I'm wondering -- through watching this thread -- if people actually think spam is the biggest threat we face on the Internet?
Precisely. I'm appalled that most of a decade after the zombie problem was reasonably well-understood, that we are still seeing the launch of "security projects" (to lump a number of things together under an overbroad phrase) which are obviously pre-failed -- like the boneheaded Comcast pop-up plan that started this thread. And as much of a threat as the zombies are, they're only a tactic that's part of larger strategies deployed by well-organized operations employing some very smart people; so even if zombies disappeared tomorrow, they'd just be replaced by another approach.

Equally appalling (to me, at least) has been the sharp decline in the sense of responsibility among network and system operators. I've always maintained that one's first duty isn't to one's users, or to one's management -- it's to the entire rest of the Internet, because without their goodwill and cooperation, the entire implicit social contract that allows the Internet to function breaks down.

That's why, on 11/3/1988, we pulled our own plug at Purdue: we had very good reason to believe we were a threat to our network neighbors, and that was the fastest, best way to mitigate it. It was the right thing to do, and we did it -- as did any number of others in the same situation.

Compare and contrast with this statement from several years ago (while we're talking about Comcast):

    "We're the biggest spammer on the Internet," network engineer Sean Lutner said at a meeting of an antispam working group in Washington, D.C., last week.

Yet, they didn't pull their own plug. They didn't do anything meaningful about their zombie problem (PR exercises don't count). They just wallpapered over it by belatedly blocking outbound port 25 connections YEARS after this problem was exceedingly well-known. And in the interim, they deliberately allowed their operation to be the source of an incredible amount of abuse.

They're hardly alone. Anyone who's watching their logs and hasn't firewalled out the relevant network ranges sees the same all day, every day from Verizon and Tiscali and PLDT and Charter and Blueyonder and all kinds of other operations. And along with it, the SSH brute force attempts, the HTTP exploit attempts, the port scans, the DNS probes, the zombie-hosted phish sites, the malware, etc.

It is this utter failure of responsibility, this profound negligence, that I think is every bit as much a threat as The Bad Guys. It allows them to operate with impunity, since they know that any action will very likely be slow, ineffective, and easily countered.

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.