[Dshield] Re: Fighting CR2

Ian Cottrell ian.cottrell at home.com
Fri Aug 10 22:53:42 GMT 2001


I have to agree with Scott.  In fact, I'd go as far as to say that I don't want 
my ISP filtering stuff at all!  Given their record for such things, they'll only 
screw it up and probably break something that I need!  Tracing and dealing 
with delinquents within in their subscriber population - yes, please.  But 
trying to control what reaches (or leaves) my system - no, thanks!

I am responsible for my own security and will look after it, thank you.  
Leave the ISP's out of it..........................Ian

> On behalf of those of us home users with a clue.. It's this sort of knee jerk
> reaction that's causing us to get hurt.  Rather than send a hoard of
> armadillo.. er  programmers to write up the scripting to block this kind of
> traffic, they're just filtering all inbound port 80.
> 
> Now, while I believe I'm in the minority.. not just home user with a clue, but
> user with a clue period...  I also believe that education is the manner in
> which to handle this.. not heavy handed "We're not going to let this through"
> methods.
> 
> Beyond that,  sending a couple thousand "Your client attacked my system"
> emails will most certainly gain their attention and they will definitely take
> care of it.. look at AT&T.  They just blocked port 80 inbound.  Now you're all
> thinking "cool!"  except I might note that it didn't stop the infected servers
> from being infected.. or spreading it.. just stopped the ones that missed out
> (all none of them) from being infected, and stopped those infected from being
> exploited.  Didn't help the bandwidth a lot.. just p*ssed off a whole lot of
> generally competent people.   Those folks that aren't patched probably don't
> realize they've got IIS running.. and well.. lets face it.. won't notice that
> inbound 80 is being blocked either.. they're going to happily go on about
> browsing their porn and downloading from morpheus/napster et al.
> 
> I believe Johannes suggestion is by and large the most positive.  Save a
> list.. send it to them that way.. let them deal with the individuals rather
> than killing off the entire port base because they're sick of getting the
> individual emails.  We're doing our part here by sharing the information and
> protecting ourselves.. Some are doing more by trying to educate those users
> they can.  Others.. I'm sorry to admit are turning red in the face and
> spending far too much time trying to kick the other guy in the groin.  I
> personally wish I had that kinda free time.
> 
> Scott
> 
> 
> >*snip*
> >organisations who's sole purpose is monitoring traffic. They have the
> >capacity to 'see' the contents of _every_ packet pushed over the internet -
> >so why can't they talk to the major ISP's or do it themselves - and to write
> >filters that watch for the specific http call, in this case default.ida, and
> >simply filter it out? Well, at least the ISPs could do it anyway.
>   *more snipping*
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/dshield





More information about the list mailing list