Re: SPEWS?

["Steven J. Sobol" <sjsobol () JustThe net>]

On Thu, 20 Jun 2002, Andy Johnson wrote:

>     Doesn't anyone see the irony here? Fighting abuse with abuse is somewhat
> counter-productive.

*Spamming* or launching a DoS attack in response to spam is definitely
abusive. I understand your point here. I don't think it's an invalid one.
I do believe that whether escalations are abusive is a question that is
open to debate. Indeed, I believe the question *should* be debated.

>     This all boils down to more or less the user missing/not receiving an
> important email. So by blacklisting a netblock which originated SPAM, and
> more importantly, its neighbors (or in SPEWS case, the entire AS and
> netblocks announced from it), you are preventing valid emails from being
> delivered. So SPEWS is just as guilty of depriving people of their mail as
> spammers are IMO.

Which is more important? The right to express yourself or the right for
a property owner to protect his property? I've always claimed that 
property rights trump free-speech rights, and where spam is concerned,
the courts have agreed with me (e.g. the AOL case and the CompuServe
case against Sanford Wallace back in the mid-1990's). 

Now, the big question with blocking is whether or not your users are aware
of the blocking happening. In a service-provider environment, a good
network admin will make his customers aware of the blockage and either
have them agree to it or allow them to turn it off. But that is not a 
moral or ethical issue. That's a contractual issue. If the provider is
arbitraily blocking stuff without telling his customers, yes, that can
be said to be a moral or ethical issue, but I make the assumption, for
the sake of this particular thread, that the customers know what's going 
on.

As to whether it's counter-productive, again, whether or not it is is 
based in large part on whether or not the customers have agreed to it.
My opinion is that the end-users *must* always have final say over what is
blocked or not blocked.

>     Regarding your last comment, when tracking down and filtering a DoS, do
> you filter just the offending IP space, or ALL netblocks announced by that
> AS?

Neither; I don't run any devices that need to speak BGP. If I did, I'd
start by filtering the offending IPs only. If I still saw attacks coming
from elsewhere in the ISP's netspace I would broaden the range of the 
blocks.

-- 
Steve Sobol, CTO  JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET
- I do my best work with one of my cockatiels sitting on each shoulder -
6/4/02:A USA TODAY poll found that 80% of Catholics advocated a zero-tolerance 
stance towards abusive priests. The fact that 20% didn't, scares me...