Security Incidents mailing list archives

Re: blackholing t-dialin.net? sympatico.ca?


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Thu, 8 Mar 2001 12:12:57 -0500

On Thu, 8 Mar 2001, Robert G. Ferrell wrote:

[snip]

> what you have effectively accomplished is to elevate the script kiddie
> from a mere port scanner to the instigator of large scale denial of
> service attack (depending, of course, on how far upstream you
> institute the blacklist).

not quite. they can't see me, fine. legit customers and the few bad apples
can't see me. i *hope* the legit customers bitch and moan at the ISPs that
have dialups blacklisted, inquire why the hell they can't connect to sites
and this pressure forces the ISP to start reacting. and reacting in a
timely fashion.

> This is a difficult issue, admittedly, but my personal belief is that
> putting up with people rattling the doors in your neighborhood is on
> the whole preferable to cordoning off the entire block.

take this analogy one step further, this is essentially moving, in some
ways, to a gated community, and in others to profiling. i'm not in favor
of profiling, and gated communities give me the willies, but i am just
wondering if it's worth it to start raising the issue, like i described
above, and force the ISPs to evaluate their practices.

in a nutshell, i've heard two lines here so far: sympatico and t-dialin
service HUGE portions of their respective countries (Canada and Germany).
i have colleagues in those countries, and i really like Canada (haven't
yet been to Germany). however, let's face it: problem areas are problem
areas.

i don't hesitate to screen dialup SMTP access from uu.net, it's cut down
on my spam tremendously. why not go a step further and start blocking the
whole dialup ranges of networks that have demonstrated, in my experience,
a lack of resolve in responding to reports?

while some of you have heard back from t-dialin or sympatico in a timely
fashion, i haven't. t-dialin DOESN'T send anything but an autoreply, and
sympatico took four months on the last note i sent them. that's not too
impressive in my book.

getting back to the largeness of those networks, is it that they're just
SO huge, and cutting their margins SO thin that they can't afford to go
digging up dialin logs on every portscan report? probably. i see this
also, here in the US, with ATT's network and Sprint's network, among
others. i know many of you do, too. i guess this is the larger question:
if i can get/steal/abuse a dialup connection from a large carrier with
impunity, what the hell am i doing wearing a white hat in this too often
boring job?

thanks, i hope my rhetoric isn't (too) inflammatory. i only wanted to
start discussing these questions (large ISPs and their reactions, and is
it worth it to start blackholing dialup lines). i appreciate the
professionalism we've so far maintained, i'm not interested in a flamewar,
and i bet none of you are, either.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

