Security Incidents mailing list archives
Re: RPAT - Realtime Proxy Abuse Triangulation
From: Greg Barnes <greg () ins com>
Date: Mon, 30 Dec 2002 13:06:35 -0600
Hi Jay, Comments inline... Saturday, December 28, 2002, 12:51:09 AM, you wrote: JDD> -----BEGIN PGP SIGNED MESSAGE----- JDD> Hash: SHA1 JDD> On Fri, 27 Dec 2002, Stephen P. Berry wrote:
Funny that everyone seems to be hung up on the question of whether or not reciprocal scans are -legal-. Howzabout this one: Even if scanning spam relays is -legal-, is it ethical?
JDD> Such a practice strikes me as teleologically ethical[1]. A system Technologically Ethical? Is that like 'technically honest' but not honest by any other definition? JDD> is being abused and we recipient systems are paying the canonical price JDD> for it. And since we bear the cost of someone else's irresponsibility, we JDD> have both the right and the responsibility to pick up the slack created by JDD> the other party so that other systems do not receive the same net.abuse JDD> ours have. This would be true if you represented an extension of law enforcement. JDD> The only thing that would color such a practice as even remotely JDD> unethical would be later utilization of such findings for the purpose of JDD> further spamming or other nefarious conduct. Who defines nefarious? The rule of law defines it. And there are agencies established for the purpose of enforcing the law. I can't believe this is even a question here... JDD> As a rule, when my systems are spammed via an open relay, I do JDD> indeed perform open relay tests on the offending system to confirm that JDD> the relayed spam is genuine or trivially spoofed[2]. With those findings, So how does one justify any scanning beyond that which is required to determine the source of a problem in the course of one's day to day duties, and furthermore with the end goal of notifying the cognizant authority of the offense? JDD> I file my reports with the cognizant admins and/or upstream providers so JDD> that an end may be put to that nonsense. All well and good, but again - to what end, the additional scanning? JDD> - -Jay JDD> 1. I don't subscribe to deontological ethics. Even when I was a lad I JDD> never regarded "because I said so" as a valid rationale for anything. JDD> 2. Old Sun Microsystems SMI 8.6 MTAs will accept any HELO statement and JDD> not log the IP, which caused all manner of spammer mischief. JDD> ( ( _______ JDD> )) )) .-"There's always time for a good cup of coffee."-. >====<--. JDD> C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) | = |-' JDD> `--' `--' `How about a 10-day waiting period on YOUR rights?' `------' JDD> -----BEGIN PGP SIGNATURE----- JDD> Version: GnuPG v1.0.7 (TreacherOS) JDD> Comment: See http://www.treachery.net/~jdyson/ for current keys. JDD> iD8DBQE+DUniTqL/+mXtpucRApOlAKDFuMLEvKwX11Toknd0hSFxImXJ/gCeOl1a JDD> Kmj84nr7KbWgxmjafsVZDm0= JDD> =Y1yR JDD> -----END PGP SIGNATURE----- JDD> ---------------------------------------------------------------------------- JDD> This list is provided by the SecurityFocus ARIS analyzer service. JDD> For more information on this free incident handling, management JDD> and tracking system please see: http://aris.securityfocus.com - Regards, Greg PGP Fingerprint: 723E 7CAD 4EF5 D904 1EE8 5279 71A5 A594 E6A7 C48E ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: RPAT - Realtime Proxy Abuse Triangulation, (continued)
- Re: RPAT - Realtime Proxy Abuse Triangulation Mathias Wegner (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Kevin Reardon (Dec 27)
- RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Mathias Wegner (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Gary Flynn (Dec 30)
- RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Syzop (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
- Virus? Trojan? David Gillett (Dec 30)
- Re: Virus? Trojan? Peter Kruse (Dec 30)