[Dshield] Users don't pay attention
Clinton E. Troutman
troutman at mesh.net
Sat Aug 20 19:24:45 GMT 2005
On Saturday 20 August 2005 13:17, admin wrote:
> First, if the ISP's in the US aren't careful and don't start doing some
> proactive things voluntarily the Congress will get evolved and really
> F... things up for them and us.
That is an entirely different discussion involving US Congress inserting
themselves in areas they should never be... steroid use in baseball,
internet traffic, and many other areas in which they are wresting control
away from its rightful overseers. But, as I said, a whole 'nother
> Second, as with health care and a lot of other things Canada and
> Canadian ISP's are a lot further ahead of the wave than the US. I have
> SBC Yahoo DSL and Yahoo does provide 1) Anti-Virus, 2) Parental Control,
> 3) Pop Up Blocker, and 4) Anti-Spy programs for download from their
> site. You have to look pretty hard to find the stuff but it is there. I
> like ZoneAlarm with AntiVirus a lot as it provides a pretty good Client
> Firewall for all versions of Windows not just XP. A note, SBC Yahoo only
> provides these packages if you are using Internet Explorer.
As those are provided for use "if you wish to use them", I certainly have no
problem with that.
> Blocking some ports would indeed help the current situation. I have a
> static DSL and would be a little unhappy if I couldn't use port 25, but
> if that really helped the SPAM situation I could live with using my
> ISP's SMTP server for outgoing mail.
> I also can not think of a really good reason not to block ports 135,
> 136, 139, and 445. These are local network (LAN) services and have no
> real reason to be on a WAN (I could be wrong and would like to hear why
> if I am).
Certainly, blocking any ports that are intended for local use only makes
sense. But you can do that yourself and do not require the ISP to do it for
you. A given OS or environment should be able to accept connections only
from local sources for local services (read, firewall not necessary; built
> I have recently read about Microsoft's HoneyMonkey project which is more
> the type of thing I was originally thinking about when I first posted
> this thread. It seems to me that ISP's could identify traffic on their
> networks and pin-point the senders without too much effort. I also think
> that most of the work could be automated. If a user is found to have a)
> a zombie system or b) sending out abusive (worm, virus, Trojan, SPAM)
> material the automated system could disconnect that user after sending
> them an email (and maybe snail mail also) explaining the problem and how
> to fix it and get reconnected.
The "blatantly obvious behavior is flagged" was intended to indicate what
you are talking about here. I agree that should be easily handled and
mitigated at the ISP.
> The problem is that even when ISP's receive notification via their
> abuse@ addresses they seldom do anything about it. I think they had
> better start doing a more responsible job or they will be forced to by
Personally, I expect that is due to an overabundance of reporting both real
and malicious by persons both knowledgable and not. Along with a difficulty
on the ISP's end in determining what should be classed as abuse (AUP
> Maybe I am wrong but I think the problem has gotten big
> enough that politicians will soon start coming up with their usual
> knee-jerk (with the ascent on the jerk) solutions and that will be bad
> for everyone involved. If politicians get involved we will surely get
> stupid solutions and TAXES to defray the cost of the bureaucracy needed
> to implement them (look at the situation with airlines today).
Yep, probably so. Especially in the current environment of congressional
> It seems to me that with all the expertise here and else ware the
> community could come up with a self regulated Internet that would work
I would certainly hope so. However, the problem is exacerbated by the
ability to maliciously report folks that piss you off; either manually or
automated. Perhaps if there was a penalty for malicious/fallacious
reporting, that would be the best start to help the situation.
Clinton E. Troutman
Independent Computer Consultant for Home,
Home Office, and Small Business in Fort Worth, Texas
More information about the list