Dailydave mailing list archives

ISP's regulating criminals


From: robert () dyadsecurity com
Date: Tue, 7 Dec 2004 11:10:31 -0800

Security Wire Perspectives(searchSecurity () lists techtarget com)@Mon, Dec 06, 2004 at 11:30:29AM +0000:
*PHISHING REELS IN BIG BUCKS FROM ENTERPRISES
By Ira Winkler, CISSP

As I mention in my Winkler Act article
[http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1020238,00.html?track=NL-358&ad=498983],
ISPs should be required to better detect when zombie computers
[that enable spam and phishing attacks] are sitting on their networks.
I know that ISPs are considered a "Publisher" under certain laws. It
does not, however, mean that they have to be stupid and let their
storage and bandwidth be used by criminals.

On a technical level... what exactly would you say constitutes a "zombie
computer"?  How do you measure malice?

If you want to have some fun sometime, take a look at the
http://www.dshield.org/ and http://www.mynetwatchman.com/ projects.  If
you can spoof an IP address, you can get any IP you want listed in both
databases as an attacker.  You can do this with nothing more than a UDP
probe or TCP SYN probe. If you keep up the spoofed port scan, I'd bet
you could actually get your victim's ISP to pull the plug on them for
being a "zombie computer".

On a side note, it is very interesting to see that while you can get
dshield and sans IP's listed in mynetwatchman, and mynetwatchman IP's
listed in dshield, both projects are arrogant enough to never list
themselves as attackers.

Robert

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
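
The weakness described in the message above is that a lone SYN or UDP datagram proves nothing about its source address. As an added illustration (not part of the original post and not code from either project), this sketch lists a source only when independent sensors saw a completed TCP handshake from it. The event tuple format, sensor names, verdict labels and `min_reporters` threshold are all assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real data:
# (reporting sensor, claimed source IP, protocol, TCP state seen by the sensor)
EVENTS = (
    [("sensor-%d" % (i % 5), "198.51.100.7", "tcp", "syn") for i in range(500)]
    + [("sensor-1", "198.51.100.7", "udp", None)]
    + [("sensor-1", "203.0.113.5", "tcp", "established"),
       ("sensor-2", "203.0.113.5", "tcp", "established"),
       ("sensor-3", "192.0.2.44", "tcp", "established"),
       ("sensor-3", "192.0.2.44", "tcp", "syn")]
)

def source_verified(proto, tcp_state):
    """True only if the sender must have received our reply.

    A completed three-way handshake means the peer acknowledged our SYN-ACK
    sequence number, so it really sits at that address. A lone SYN or any
    single UDP datagram proves nothing about where it came from.
    """
    return proto == "tcp" and tcp_state == "established"

def classify_sources(events, min_reporters=2):
    """Return {source_ip: verdict}, counting only handshake-verified reports."""
    verified = defaultdict(set)   # source -> sensors with verified contact
    seen = set()
    for sensor, src, proto, state in events:
        seen.add(src)
        if source_verified(proto, state):
            verified[src].add(sensor)
    verdicts = {}
    for src in seen:
        reporters = len(verified.get(src, ()))
        if reporters >= min_reporters:
            verdicts[src] = "list"          # corroborated, address proven
        elif reporters == 1:
            verdicts[src] = "watch"         # proven but uncorroborated
        else:
            verdicts[src] = "unverified"    # volume alone never lists
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(EVENTS).items()):
        print(ip, verdict)
```

In the constructed data, 198.51.100.7 appears in 501 reports yet is never listed, because none of them proves the address was the real sender.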

