Security Incidents mailing list archives

Re: RPAT - Realtime Proxy Abuse Triangulation

From: "Jay D. Dyson" <jdyson () treachery net>
Date: Fri, 27 Dec 2002 22:51:09 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 27 Dec 2002, Stephen P. Berry wrote:

Funny that everyone seems to be hung up on the question of whether or
not reciprocal scans are -legal-.  Howzabout this one:  Even if scanning
spam relays is -legal-, is it ethical?


        Such a practice strikes me as teleologically ethical[1].  A system
is being abused and we recipient systems are paying the canonical price
for it.  And since we bear the cost of someone else's irresponsibility, we
have both the right and the responsibility to pick up the slack created by
the other party so that other systems do not receive the same net.abuse
ours have. 

        The only thing that would color such a practice as even remotely
unethical would be later utilization of such findings for the purpose of
further spamming or other nefarious conduct.

        As a rule, when my systems are spammed via an open relay, I do
indeed perform open relay tests on the offending system to confirm that
the relayed spam is genuine or trivially spoofed[2].  With those findings,
I file my reports with the cognizant admins and/or upstream providers so
that an end may be put to that nonsense.

- -Jay

1.  I don't subscribe to deontological ethics.  Even when I was a lad I
    never regarded "because I said so" as a valid rationale for anything.
2.  Old Sun Microsystems SMI 8.6 MTAs will accept any HELO statement and
    not log the IP, which caused all manner of spammer mischief.

   (    (                                                         _______
   ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
 C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) |    = |-'
  `--' `--'  `How about a 10-day waiting period on YOUR rights?'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQE+DUniTqL/+mXtpucRApOlAKDFuMLEvKwX11Toknd0hSFxImXJ/gCeOl1a
Kmj84nr7KbWgxmjafsVZDm0=
=Y1yR
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: RPAT - Realtime Proxy Abuse Triangulation, (continued)
- Re: RPAT - Realtime Proxy Abuse Triangulation Kurt Seifried (Dec 24)
  - Re: RPAT - Realtime Proxy Abuse Triangulation Mathias Wegner (Dec 27)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 27)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Kevin Reardon (Dec 27)
    - RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Gary Flynn (Dec 30)
    - RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Syzop (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Stephen Friedl (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 30)
  - Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
    - Virus? Trojan? David Gillett (Dec 30)
    - Re: Virus? Trojan? Peter Kruse (Dec 30)