[Dshield] mail1.giac.net spamcop listed]
superc at visuallink.com
Wed Dec 17 16:46:01 GMT 2003
Let's understand MS attitudes toward security and potential abuse in years
past is a big part of the problem. The (architects) people who wrote the
Internet Protocols are also a big part of the problem because security
wasn't on their radar. Time was when certain people were praised for
writing pop up advertising software and their corporate stocks were hot for
a week or two until the product began to be used. However, there can be no
denying that IBM and MS won the computer wars of the 80s. Their machines
(or descendants of) and software dominate the Internet. That "one vendor"
is what? 80% of US use? It's not "an exploit," it is hundreds of exploit
schemes against the entire range of products from that one vendor, who
happens to be the maker of the dominant Internet product. I don't need to
know what other products a non MS consumer has to know there is at least
one exploit already out there for that product too. Please recall that
each "new" vulnerability MS releases on their monthly schedule is a
vulnerability that has existed since their first release of the product.
[Given the size of some of their recent patches and the MS reluctance to
publicly discuss what is in them and why they are so large, I suspect some
of the patches themselves contain vulnerabilities that are exploitable to
someone on the inside.] In many cases, some, both in and out of MS, have
known of the vulnerabilities of original software for years and years.
Some have been quietly exploiting them for years. No doubt some of the
vulnerabilities to be released in the months to come will also already be
known or already exploitable to some. Draconian preventive measures
against the exploiters are called for. Those who chose another vendor,
like those who invested heavily in Atari or Commodore Amiga or IBM series 2
systems in the early days will either just have to follow the crowd, or
else convince the crowd to change their purchasing habits by showing a
I don't see myself as calling for a ban on echo request packets to hosts
with whom you or your organization has a relationship. I do call for
a ban on pinging entire blocks for no good reason. To me it is analogous
to kids running through an apartment building ringing every door bell.
They got banned too. Sometimes when grownups ring doorbells it is a
prelude to an intrusion if no one is home or the door is open. Attacks
often follow pings. The people that send them need to be treated the same
way someone walking down the street randomly ringing doorbells is treated.
Being a landlord doesn't normally require ownership of the furniture
(data), or the dishes (content) either (furnished rooms excepted). Still
he/she is responsible for ensuring the safety of the occupants and making
sure the premises aren't a general nuisance to the community at large. The
machines that run server programs are real property. They are physical,
and they can be touched. Therefore, if the law permits, they can be
seized, sold or destroyed, just like a building or a car. The landlord
analogy is very applicable. Your claim that the providers should be viewed
in the same light as those who build a road is wrong. Microsoft, Unix,
IBM, Honeywell and a host of other machine retailers get that position, as
do the software architects who wrote the programs. Not the end purchasers
of the machines (roads), they became landlords.
I agree that my approach requires the ISP owners to do some work for their
money. No doubt some would rather get out of the business. Mach Nichts or
who cares? Someone else will replace them. The same thing happened in the
US when sprinkler and smoke detector laws were passed. Some landlords got
out of the business, others spent the money and installed the sprinklers
and smoke detectors. Tier 1's probably wouldn't have to do much content
checking to determine the origin point and number of emails. Since many
are lunging towards content checkers anyway (i.e., SpamAssassin, spamkiller,
postini, etc.) that argument becomes specious. (Privately, I don't like
the filters because the concept is only a small step away from political
content filtering and people watching, and some have probably already taken
the step, even if only to watch. Some emails go through multiple content
filters before arriving at the end recipient. I am sure not all leave
header trails.) A simple counting program with a log to be checked
periodically would show where thousands of emails are originating from.
Now granted, some machine owners might not know their machines were
generating the emails, and being contacted by the local email licensing
authority would be about as welcome as a surprise visit from a building or
health inspector. Still people learn to cope and comply.
We need a starting point for the legislation. Once enacted other countries
will probably follow suit with similar. If they don't, treaties requiring
them to do so come to mind as a solution. If you run an ISP and really
want to be regulated, run a service regulated by a treaty. Go ahead,
oppose the legislation and force a treaty or the creation of a UN
regulatory body... Once this has begun, for many US customers blocks on
Class A blocks will be a valid solution. Some won't want that, but they
can be forced to go through a special server licensed for those class A
blocks with severe penalties for allowing content to escape. (Shades of
China and Yahoo.fr..) I already put the A Class blocks on my machines, but
still receive scads of email from senders whose IPs resolve to machines in
certain US companies (Akamai, RR, Verizon, Cablevision, etc.). These are
the groups I am taking aim at.
I am not opposed to a small email tax. The steps I have proposed would
cost money and it has to come from somewhere. A heck of a lot of
background traffic and noise would just disappear. That might not be a bad
thing. Certainly the spammers, and those who encourage them, would then
stick out like a sore thumb and could be quickly identified and dealt with.
I waste enough time now dealing with the same junk email every day so it
is worth a dollar or two of my money each month if I thought the US senders
were going to be punished. (Don't ask me how I feel about regular snail
mail marked occupant or resident in my different PO Boxes.) Let those who
send more mail, pay more. The Internet and email is a privilege, not a
right. The old Capt. Smith attitude of "no work, no eat," or money talks.
I do regret losing free mailing lists. I was thinking if the laws were
written properly license fees could be lowered for certain groups, but soon
their lobbyists would allow them to spam as the last bulk senders left.
Banning them then would be as hard as banning charities from calling, so I
will withdraw that support. Still, all we would be doing is forcing
natural selection to rule the Internet emails. If a free email list was
popular, people would pay. It might no longer be free, but it would still
exist as a mail list. If it merely reflected one person's opinion, then
either he/she could pay, or it would perish.
Hey, none of it has to happen. It probably will (or a variant of) happen
someday however, if certain ISPs don't get off their rears and clean up
Subject: Re: Re: [Dshield] mail1.giac.net spamcop listed]
From: Chris Brenton <cbrenton at chrisbrenton.org>
Date: Tue, 16 Dec 2003 14:12:22 -0500
To: General DShield Discussion List <list at dshield.org>
It's also not real popular with the people who do not run MS and thus do
not have any of the security issues that go along with that OS. Why
should I be restricted from sending echo-request packets to hosts out on
the Internet just because an exploit was created against one vendor
product and I don't even use it.
First off, most ISPs route traffic, they don't control it. There is a
_big_ difference. In order for your above model to be correct, ISPs
would have to be doing content level checking which just does not happen
due to the speeds that traffic is routed at. Most tier 1's are pushing a
Gigabit or higher through most of their backbones. Content level
checking at that speed is inaccurate at best, breaks real services that
might not be 100% RFC at worst.
Second, ISPs are not really landlords as they do not own the data, the
content, or even the end points for that matter. They are more like the
highway services that built the road that runs past the crack house.
Um, VA is not the first state to arrest a spammer, let alone convict
one. This is just the first under their new rules. Also, the Internet
expands a bit beyond the US borders so legislation does little good when
the source is Brazil, China, etc.
Again, the Internet is not just in the US so this is going to do zip.
Not to mention you are effectively saying an e-mail tax is a good idea
(I doubt licensing would be free).
You would also kill many a mailing list as you charge them more money
per subscriber. I'm not liking this idea.