Dailydave mailing list archives
ISP's regulating criminals
From: robert () dyadsecurity com
Date: Tue, 7 Dec 2004 11:10:31 -0800
Security Wire Perspectives(searchSecurity () lists techtarget com)@Mon, Dec 06, 2004 at 11:30:29AM +0000:
*PHISHING REELS IN BIG BUCKS FROM ENTERPRISES By Ira Winkler, CISSP
As I mention in my Winkler Act article [http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1020238,00.html?track=NL-358&ad=498983 ], ISPs should be required to better detect when zombie computers [that enable spam and phishing attacks] are sitting on their networks. I know that ISPs are considered a "Publisher" under certain laws. It does not, however, mean that they have to be stupid and let their storage and bandwidth be used by criminals.
On a technical level... what exactly would you say constitutes a "zombie computer"? How do you measure malice? If you want to have some fun sometime, take a look at the http://www.dshield.org/ and http://www.mynetwatchman.com/ projects. If you can spoof an IP address, you can get any IP you want listed in both databases as an attacker. You can do this with nothing more than a UDP probe or TCP SYN probe. If you keep up the spoofed port scan, I'd bet you could actually get your victim's ISP to pull the plug on them for being a "zombie computer". On a side note, it is very interesting to see that while you can get dshield and sans IP's listed in mynetwatchman, and mynetwatchman IP's listed in dshield, both projects are arrogant enough to never list themselves as attackers. Robert -- Robert E. Lee CTO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert () dyadsecurity com M - (949) 394-2033 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ISP's regulating criminals robert (Dec 07)
- Re: ISP's regulating criminals Paul Wouters (Dec 07)