[Dshield] Interesting Zombie Data Graphs

Chris Wright dshield at yaps4u.net
Fri Nov 11 15:43:40 GMT 2005

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Mark
> Sent: Friday, November 11, 2005 1:36 PM
> To: list at lists.dshield.org
> Subject: [Dshield] Interesting Zombie Data Graphs
> From:	"Chris Wright" <dshield at yaps4u.net>
> Date:	Wed, 9 Nov 2005 18:51:16 -0000
> Chris wrote:
> ...snip...
> If I were to host 'kiddie porn' on my 'comcast' IP space, 
> they would come down on me like a ton of bricks.
> ...end snip... 
> Correction: the US Secret Service would come down on you like 
> a ton of bricks, not Comcast. 
> <snipped>

> Also, Comcast cannot view your "data" (the JPEG in this 
> instance) in transit. To do so is a violation of Federal Wire 
> Tapping statutes (unless they've been served with a court 
> ordered TAP). Comcast can identify traffic patterns as it 
> pertains to delivery of services, that is all they can do.


Nice follow up and I agree with you on most of it.
One thing I omitted from the original post was that I was using Comcast as
an example, and meant to mention there are more just like them. We all know
who they are.

As to the kiddie porn claim, I was trying to make the point (badly), that if
someone else reported me after finding it on my 'site/pc' then action would be
taken within a very short space of time.  But when someone reports that they
have had their PC trashed by the same said PC, no action is rarely taken,
and most often these types of reports are just lost.

And in no way am I saying forget about kiddie porn, concentrate on getting
our networks secure. Far from it, but they need to take responsibility for
their networks.  Poor staffing is not an excuse.  Poor service is what
results (and of course it keeps many of us in jobs).  That one computer that
you fixed for your friend would most probably have been the cause of a lot
of other machines getting hit.  It didn't happen overnight either, it
appears to have been collecting various nasties for a number of times.  I
find it hard to believe that no reports about that computer were ever made,
but I do believe that none were ever actioned.
Disconnecting that user from the net at first sign would have saved an
awful lot more work and/or cost of downtime in the end, but they put their
own profits over all else.  So should I say, having some network is better
than having none because there is no other choice? I don't know.  But we
must make them sit up and listen somehow.  (Even though it feels like I am
shooting myself in the foot).

Right, my turn to go grab some coffee.


