[Dshield] mail1.giac.net spamcop listed]

Kenneth Coney superc at visuallink.com
Wed Dec 17 16:46:01 GMT 2003

Let's understand MS attitudes toward security and potential abuse in years 
past is a big part of the problem.  The (architects) people who wrote the 
Internet Protocols are also a big part of the problem because security 
wasn't on their radar.  Time was when certain people were praised for 
writing pop up advertising software and their corporate stocks were hot for 
a week or two until the product began to be used.  However, there can be no 
denying that IBM and MS won the computer wars of the 80s.  Their machines 
(or descendants of) and software dominate the Internet.  That "one vendor" 
is what?  80% of US use?  It's not "an exploit," it is hundreds of exploit 
schemes against the entire range of products from that one vendor, who 
happens to be the maker of the dominant Internet product.  I don't need to 
know what other products a non MS consumer has to know there is at least 
one exploit already out there for that product too.  Please recall that 
each "new" vulnerability MS releases on their monthly schedule is a 
vulnerability that has existed since their first release of the product. 
[Given the size of some of their recent patches and the MS reluctance to 
publicly discuss what is in them and why they are so large, I suspect some 
of the patches themselves contain vulnerabilities that are exploitable to 
someone on the inside.]  In many cases, some, both in and out of MS, have 
known of the vulnerabilities of original software for years and years. 
Some have been quietly exploiting them for years.  No doubt some of the 
vulnerabilities to be released in the months to come will also already be 
known or already exploitable to some.  Draconian preventive measures 
against the exploiters are called for.  Those who chose another vendor, 
like those who invested heavily in Atari or Commodore Amiga or IBM series 2 
systems in the early days will either just have to follow the crowd, or 
else convince the crowd to change their purchasing habits by showing a 
better product.

I don't see myself as calling for a ban on echo request packets to hosts 
with whom you or your organization has a relationship.  I do call for 
a ban on pinging entire blocks for no good reason.  To me it is analogous 
to kids running through an apartment building ringing every door bell. 
They got banned too.  Sometimes when grownups ring doorbells it is a 
prelude to an intrusion if no one is home or the door is open.  Attacks 
often follow pings.  The people that send them need to be treated the same 
way someone walking down the street randomly ringing doorbells is treated.

Being a landlord doesn't normally require ownership of the furniture 
(data), or the dishes (content) either (furnished rooms excepted).  Still 
he/she is responsible for ensuring the safety of the occupants and making 
sure the premises aren't a general nuisance to the community at large.  The 
machines that run server programs are real property.  They are physical, 
and they can be touched.  Therefore, if the law permits, they can be 
seized, sold or destroyed, just like a building or a car.  The landlord 
analogy is very applicable.  Your claim that the providers should be viewed 
in the same light as those who build a road is wrong.  Microsoft, Unix, 
IBM, Honeywell and a host of other machine retailers get that position, as 
do the software architects who wrote the programs.  Not the end purchasers 
of the machines (roads), they became landlords.

I agree that my approach requires the ISP owners to do some work for their 
money.  No doubt some would rather get out of the business.  Mach Nichts or 
who cares?  Someone else will replace them.  The same thing happened in the 
US when sprinkler and smoke detector laws were passed.  Some landlords got 
out of the business, others spent the money and installed the sprinklers 
and smoke detectors.  Tier 1's probably wouldn't have to do much content 
checking to determine the origin point and number of emails.  Since many 
are lunging towards content checkers anyway (i.e., SpamAssassin, SpamKiller, 
postini, etc.) that argument becomes specious.  (Privately, I don't like 
the filters because the concept is only a small step away from political 
content filtering and people watching, and some have probably already taken 
the step, even if only to watch.  Some emails go through multiple content 
filters before arriving at the end recipient.  I am sure not all leave 
header trails.)  A simple counting program with a log to be checked 
periodically would show where thousands of emails are originating from. 
Now granted, some machine owners might not know their machines were 
generating the emails, and being contacted by the local email licensing 
authority would be about as welcome as a surprise visit from a building or 
health inspector.  Still people learn to cope and comply.

We need a starting point for the legislation.  Once enacted other countries 
will probably follow suit with similar.  If they don't, treaties requiring 
them to do so come to mind as a solution.  If you run an ISP and really 
want to be regulated, run a service regulated by a treaty.  Go ahead, 
oppose the legislation and force a treaty or the creation of a UN 
regulatory body...  Once this has begun, for many US customers blocks on 
Class A blocks will be a valid solution.  Some won't want that, but they 
can be forced to go through a special server licensed for those class A 
blocks with severe penalties for allowing content to escape.  (Shades of 
China and Yahoo.fr.)  I already put the A Class blocks on my machines, but 
still receive scads of email from senders whose IPs resolve to machines in 
certain US companies (Akamai, RR, Verizon, Cablevision, etc.).  These are 
the groups I am taking aim at.

I am not opposed to a small email tax.  The steps I have proposed would 
cost money and it has to come from somewhere.  A heck of a lot of 
background traffic and noise would just disappear.  That might not be a bad 
thing.  Certainly the spammers, and those who encourage them, would then 
stick out like a sore thumb and could be quickly identified and dealt with. 
I waste enough time now dealing with the same junk email every day so it 
is worth a dollar or two of my money each month if I thought the US senders 
were going to be punished.  (Don't ask me how I feel about regular snail 
mail marked occupant or resident in my different PO Boxes.)  Let those who 
send more mail, pay more.  The Internet and email is a privilege, not a 
right.  The old Capt. Smith attitude of "no work, no eat," or money talks.

I do regret losing free mailing lists.  I was thinking if the laws were 
written properly license fees could be lowered for certain groups, but soon 
their lobbyists would allow them to spam as the last bulk senders left. 
Banning them then would be as hard as banning charities from calling, so I 
will withdraw that support.  Still, all we would be doing is forcing 
natural selection to rule the Internet emails.  If a free email list was 
popular, people would pay.  It might no longer be free, but it would still 
exist as a mail list.  If it merely reflected one person's opinion, then 
either he/she could pay, or it would perish.

Hey, none of it has to happen.  It probably will (or a variant of) happen 
someday however, if certain ISPs don't get off their rears and clean up 
their act.

Subject: Re: Re: [Dshield] mail1.giac.net spamcop listed]
From: Chris Brenton <cbrenton at chrisbrenton.org>
Date: Tue, 16 Dec 2003 14:12:22 -0500
To: General DShield Discussion List <list at dshield.org>

It's also not real popular with the people who do not run MS and thus do
not have any of the security issues that go along with that OS. Why
should I be restricted from sending echo-request packets to hosts out on
the Internet just because an exploit was created against one vendor
product and I don't even use it?

First off, most ISPs route traffic, they don't control it. There is a
_big_ difference. In order for your above model to be correct, ISPs
would have to be doing content level checking which just does not happen
due to the speeds that traffic is routed at. Most tier 1's are pushing a
Gigabit or higher through most of their backbones. Content level
checking at that speed is inaccurate at best, breaks real services that
might not be 100% RFC at worst.

Second, ISPs are not really landlords as they do not own the data, the
content, or even the end points for that matter. They are more like the
highway services that built the road that runs past the crack house.

Um, VA is not the first state to arrest a spammer, let alone convict
one. This is just the first under their new rules. Also, the Internet
expands a bit beyond the US borders so legislation does little good when
the source is Brazil, China, etc.

Again, the Internet is not just in the US so this is going to do zip.
Not to mention you are effectively saying an e-mail tax is a good idea
(I doubt licensing would be free).

You would also kill many a mailing list as you charge them more money
per subscriber. I'm not liking this idea.

