Security Incidents mailing list archives

Re: RPAT - Realtime Proxy Abuse Triangulation


From: Greg Barnes <greg () ins com>
Date: Mon, 30 Dec 2002 13:06:35 -0600

Hi Jay,

Comments inline...

Saturday, December 28, 2002, 12:51:09 AM, you wrote:
JDD> -----BEGIN PGP SIGNED MESSAGE-----
JDD> Hash: SHA1

JDD> On Fri, 27 Dec 2002, Stephen P. Berry wrote: 

Funny that everyone seems to be hung up on the question of whether or
not reciprocal scans are -legal-.  Howzabout this one:  Even if scanning
spam relays is -legal-, is it ethical? 

JDD>         Such a practice strikes me as teleologically ethical[1].  A system

Technologically Ethical?  Is that like 'technically
honest' but not honest by any other definition?

JDD> is being abused and we recipient systems are paying the canonical price
JDD> for it.  And since we bear the cost of someone else's irresponsibility, we
JDD> have both the right and the responsibility to pick up the slack created by
JDD> the other party so that other systems do not receive the same net.abuse
JDD> ours have.

This would be true if you represented an extension of
law enforcement.

JDD>         The only thing that would color such a practice as even remotely
JDD> unethical would be later utilization of such findings for the purpose of
JDD> further spamming or other nefarious conduct.

Who defines nefarious?  The rule of law defines it.
And there are agencies established for the purpose
of enforcing the law.  I can't believe this is even
a question here...

JDD>         As a rule, when my systems are spammed via an open relay, I do
JDD> indeed perform open relay tests on the offending system to confirm that
JDD> the relayed spam is genuine or trivially spoofed[2].  With those findings,

So how does one justify any scanning beyond that
which is required to determine the source
of a problem in the course of one's day to day duties,
and furthermore with the end goal of notifying the
cognizant authority of the offense?

JDD> I file my reports with the cognizant admins and/or upstream providers so
JDD> that an end may be put to that nonsense.

All well and good, but again - to what end, the additional scanning?

JDD> - -Jay

JDD> 1.  I don't subscribe to deontological ethics.  Even when I was a lad I
JDD>     never regarded "because I said so" as a valid rationale for anything.
JDD> 2.  Old Sun Microsystems SMI 8.6 MTAs will accept any HELO statement and
JDD>     not log the IP, which caused all manner of spammer mischief.

JDD>    (    (                                                         _______
JDD>    ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
JDD>  C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) |    = |-'
JDD>   `--' `--'  `How about a 10-day waiting period on YOUR rights?'  `------'

JDD> -----BEGIN PGP SIGNATURE-----
JDD> Version: GnuPG v1.0.7 (TreacherOS)
JDD> Comment: See http://www.treachery.net/~jdyson/ for current keys.

JDD> iD8DBQE+DUniTqL/+mXtpucRApOlAKDFuMLEvKwX11Toknd0hSFxImXJ/gCeOl1a
JDD> Kmj84nr7KbWgxmjafsVZDm0=
JDD> =Y1yR
JDD> -----END PGP SIGNATURE-----


JDD> ----------------------------------------------------------------------------
JDD> This list is provided by the SecurityFocus ARIS analyzer service.
JDD> For more information on this free incident handling, management 
JDD> and tracking system please see: http://aris.securityfocus.com


-

Regards,

Greg

PGP Fingerprint:
723E 7CAD 4EF5 D904 1EE8  5279 71A5 A594 E6A7 C48E

