[Dshield] Idea for dealing with ISPs that ignoreabusenotificatons was RE: The Art/Tao/Zen of Abuse e-mails(Was:[Fwd: WHY IS YOURCUSTOMER...])
Tomas L. Byrnes
tomb at byrneit.net
Sun Aug 27 19:37:35 GMT 2006
I agree with a lot of what you say below, but I also think that a lot
more joe sixpacks actually DO provide services, such as bittorrent,
kazaa, skype, so they fall more and more into the lower paragraphs.
I also strongly agree with your assertions that you need to protect the
end users, if you are to protect the corporate sites. That means that a
system that provides the same kind of dynamic black-listing, based on
current threat feeds that the large companies that have security teams
and SIM/SEMs already use is needed for everyone.
I was merely pointing out that, for anyone who needed to let others in,
the static limited allow list probably wouldn't fly.
I won't even go into how unlikely it is that the average user would
actually set such filters up.
The rest of the corporate versus user responsibility for security
discussion is more political than technical. It doesn't really matter
who pays for security, to me, as long as it gets implemented. All I'm
trying to do is make it less expensive and easier for the masses to use
tools that are already available to specialists like those on this list.
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Kenneth Coney
Sent: Sunday, August 27, 2006 11:53 AM
To: list at lists.dshield.org
Subject: Re: [Dshield] Idea for dealing with ISPs that
ignoreabusenotificatons was RE: The Art/Tao/Zen of Abuse
e-mails(Was:[Fwd: WHY IS YOURCUSTOMER...])
I use the net for business purposes and definitely fall into the first
paragraph. Perhaps you mean companies that earn revenue from the net
itself? I.e., selling advertising links, or hosting a web page, etc? I
suspect a very large percentage of Internet use world wide falls into
your first paragraph. Certainly, we, from the home, users (business or
otherwise) are the spammers target, and the many home users who go on
line (for economic reasons) with their Win 95 and Win 98 machines are
frequent targets for hostile probes of their firewalls (with the target
being those with obsolete firewalls, or often no firewall at all).
Put/connect an unprotected (I include machines with Win 95 firewalls
whose software vendors unwisely decided not to offer more free upgrades
once XP came along in this category) Win 95 or Win 98 machine on the Net
and watch as it is first probed, then compromised (often within the
hour), then later used as the base for an attack on the general purpose
web servers, or mail servers.
Protecting the Joe Sixpack user is a very important part of protecting
"Mr. Corporate's servers." Somehow the Net industrialists still don't
see that, but still desire the chance to make revenue off Mr. Sixpack.
Then they cry because 10,000 machines belonging to the Joe Sixpacks of
the world are used to launch zombie DOS attacks or launch spam. [I
won't even start the diatribe about how irresponsible it is to use an
unpatched Apache v1 server or similar as a host server, which I still
see now and then.]
Re: [Dshield] Idea for dealing with ISPs that ignoreabusenotificatons
was RE: The Art/Tao/Zen of Abuse e-mails(Was:[Fwd: WHY IS
"Tomas L. Byrnes" <tomb at byrneit.net>
Sat, 26 Aug 2006 10:45:51 -0700
"General DShield Discussion List" <list at lists.dshield.org>
I think this is great, for a network that doesn't NEED to provide access
from the broader Internet on a non-prior contact basis (like your home
PC, or a small company that uses outsourced e-Mail).
But it doesn't work at all for general purpose web servers, or mail
servers where you actually may want to hear from people you've never
heard from before.
Both those criteria apply to just about anyone who uses the 'net for
SANS Network Security 2006 - Las Vegas NV October 1st-9th.
Wide selection of 1-6 Day Courses. Top Instructors!
Details: isc.sans.org/clickcount.php?ad=1 (use Brochurcode "ISC")
"Best IT Security return on Investment" (Mario Chiock, Schlumberger)
More information about the list