[Dshield] Kornet.Net

John Hardin johnh at aproposretail.com
Tue Mar 5 17:30:40 GMT 2002

On Mon, 2002-03-04 at 20:28, Neil Richardson wrote:
> At 09:52 AM 3/4/2002, you wrote:
> >1. put up a "dshield shunning" (I'm reluctant to say "death
> >penalty"...:) vote page so that we can vote on this (and on similar
> >blacklistings in the future) - if nothing else, it'll be amusing.
>     *Insert standard problems with ballot box stuffing, etc.*  I do think 
> it's an interesting idea, though--I just hesitate to blacklist an ISP based 
> on open elections.  (Does DShield even have shttp ability?)

You would, of course, have to have a Dshield membership number to vote,
and each member's vote would be counted only once (but you could change
your position by voting again).

> <_Devil's_Advocate_>
>     I thought the consensus was that most foreign ISP's don't respond 
> because they don't speak English, and thus don't understand the complaints 
> admins are sending to them, right?  If so, is it fair to assume that their 
> end users will understand such notices any better than they do?

The ISP's user base is a much larger community than their tech support
department, and thus has a greater possibility of having people who are
literate in English.

A fancier way to do it would be to track the primary language of the ISP
being threatened and generate the warning page in that language. You
might only need to have a dozen variants for major languages (My, aren't
we being free with Johannes' time? :)

>     Even assuming they understand English, will they speak enough 
> techno-geek to understand it and why it matters?  (i.e., do "spam" and 
> "hacking" mean the same thing in 
> __INSERT_NON-ENGLISH_LANGUAGE_HERE__?)  Granted, the more people looking at 
> it, the more likely someone will figure it out, but....

Someone less geeky than I could write the warning.
>     (Some people have mentioned that they've started blocking connections 
> from geographic regions; how much success have you had in altering such 
> "undesired behavior"?)

That depends on how popular your site is, and what portion of your
*legitimate* traffic comes from the blacklisted area. For instance, we
don't do any business in Asia, so our blocking traffic from kornet
wouldn't be a "social pressure" maneuver. 

If we can get some large, popular sites using the Dshield Shun List it
would have a correspondingly greater impact - perhaps someone could
approach big-time pornsite webmasters? (said only slightly

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 "Rather than form a federation with Microsoft and work with what we
  had already created, there was this notion that the world should be
  offered an alternative."
                     - Craig Mundie, Microsoft CTO,
                       puzzled by non-MS-owned .NET user data services
 71 days until Star Wars episode II: Attack of the Clones

More information about the list mailing list