Interesting People mailing list archives
Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)
From: David Farber <dave () farber net>
Date: Sun, 11 Oct 2009 08:11:13 -0400
Begin forwarded message:

From: Michael Collins <mcollins () aleae com>
Date: October 10, 2009 5:10:03 PM EDT
To: dave () farber net
Cc: "ip" <ip () v2 listbox com>
Subject: Re: [IP] Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)
This is more of an inevitability than anything else. Several years ago, the Korean government decided that Spam was a national embarrassment, and KISA, Korea Telecom and several other organizations joined together and started a program of highly aggressive spam filtering at the ISP level to take care of this. They published on it in FIRST '08 - ref here (http://www.cert.org/csirts/national/best_practices/2008/NationalSpamThreatMgmtSystem.pdf ).
That said, I think there's a messier problem that we're all whistling past the graveyard on here. I'm willing to bet that roughly speaking, given any IDS, spam defense or defensive measure we want to think of, a sufficiently motivated attacker can develop a mechanism for evading it and -still- turn a profit - user behavior is just too eccentric for bolt-on solutions to knock a severe dent in endlessly innovative attackers. Of the four defense strategies I think we have (Policy, Architectural, Reactive, Enforcement), I think our reactive defenses are pretty much exhausted, and we're moving on to enforcement and policy mechanisms - which means that yes, ISPs are going to be stomping on people, and technically literate people are going to get stomped on more than anyone else, because we tend to wander around the stomping grounds.
So, here's the fun question - in other engineering fields, design conservatism is encouraged because real people with real lives are at stake. In network security, so far, we've basically been saved by our irrelevance. However, if we have a blood on the floor incident, is innovation worth that? Is constant spamming the price we pay for getting things like Twitter? Do we have to accept that some portion of the population will be phished[1] in order to get YouTube?
----
[1] I can hear the chorus of excited voices now saying "I'm too clever to be phished!". Newton lost money in the South Seas Bubble, and he's smarter than you.[2]
[2] I used the present tense intentionally. Even dead, Newton is smarter than we are. That's just how smart Newton is.[3]
[3] I've footnoted an email, God strike me down.

On Oct 10, 2009, at 4:27 PM, Dave Farber wrote:
Begin forwarded message:

From: Doug Humphrey <doug () joss com>
Date: October 10, 2009 14:50:23 EDT
To: dave () farber net
Cc: ip <ip () v2 listbox com>
Subject: Re: [IP] Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)

It might be optimal if they would lay out "policy" in two statements, one technical and one for the "masses". Of course, there would be the danger that the two would not match - the lawyers would point that out - one of the reasons that lawyers point out for "plain language contracts" not being a good idea (in their view). The "non-tech" statement is for the people who want to know how this might affect them, but are not technical and do not really have concerns on how it is implemented - they would not understand those details anyway; remember, the average Comcast customer is not on this list - and then the "tech" statement would be as much about how they would go about it as what they were trying to accomplish, so that tech savvy people could look to see if there are any side effects that they are not going to like, etc.

As a former founder/owner/runner of an ISP (Digex) I can assure you that I understand both sides of this argument!

doug

On Oct 10, 2009, at 2:03 PM, Dave Farber wrote:

Begin forwarded message:

From: John Levine <johnl () iecc com>
Date: October 10, 2009 13:33:21 EDT
To: dave () farber net
Cc: "David P. Reed" <dpreed () reed com>, lauren () vortex com
Subject: Re: [IP] Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)

> I don't see where Comcast is being transparent about *how* they do this, or giving customers a chance to opt-in or -out.

Right. Do you suppose there's a reason they'd rather not publish instructions to tell bot writers how to circumvent their defenses? If you're wondering how their sandbox works, look at the I-D they sent in last week.

> If I send a lot of email, why does that make me a "bot"? Maybe I just send a lot of email.

It doesn't. As others have noted, it's not hard to tell bot behavior from heavy user behavior.

> But to be honest, in most markets, Comcast is the only real choice, and imposing their "features" on me might not be what I want, ...

Ah yes, "ISPs mustn't deal with dangerous software installed on their networks by criminals because it might, hypothetically, inconvenience me." Get real. This is not a few script kiddies. This is sophisticated criminal malware that does things like rewriting online bank transactions in real time to steal money from users' accounts, and DDoS ecommerce sites in extortion schemes. It would be irresponsible for large ISPs like Comcast NOT to use whatever tools they have to deal with it.

R's,
John