Virus.Org Mailing List Archive


Re: RPAT - Realtime Proxy Abuse Triangulation

  • To: "Jay D. Dyson" <[EMAIL PROTECTED]>
  • Subject: Re: RPAT - Realtime Proxy Abuse Triangulation
  • From: Greg Barnes <[EMAIL PROTECTED]>
  • Date: Mon, 30 Dec 2002 22:05:11 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
 
And so I learn!!

BTW - HUGE thanks for the clarification on ethics.

More comments inline.


Monday, December 30, 2002, 1:45:35 PM, you wrote:
JDD> -----BEGIN PGP SIGNED MESSAGE-----
JDD> Hash: SHA1

JDD> On Mon, 30 Dec 2002, Greg Barnes wrote: 

>> JDD> Such a practice strikes me as teleologically ethical[1].  A system
>> 
>> Technologically Ethical?  Is that like 'technically honest' but not
>> honest by any other definition? 

JDD>         No.  There are two primary camps in ethics: deontological and
JDD> teleological.  Deontological holds that all ethical constructs are
JDD> absolute and unwavering, regardless of circumstance.  These rules are
JDD> typically given to humanity by a deity or some other authority. 
JDD> Teleological ethics holds that all ethical proscriptions arise from value
JDD> assessments of undesirable consequences that come from unethical actions.
JDD> Teleological ethics also holds that the quality of an otherwise seeming
JDD> transgression is mitigated by both intent and outcome. 

JDD>         To bust it down in the simplest terms for an example: it is wrong
JDD> to lie.  But if I was harboring Jews from the Nazis during WWII and the
JDD> Nazis asked me if I had seen any Jews and I told them I hadn't, then I
JDD> would have lied.  That lie, while deontologically unethical, was
JDD> teleologically ethical.

Again, thanks for the clarification.  And now that I understand the
difference between the two ethical camps, I know enough to know
that I will be more careful when answering questions regarding
the ethics of an action/inaction in the future.

>> JDD> is being abused and we recipient systems are paying the canonical
>> JDD> price for it.  And since we bear the cost of someone else's
>> JDD> irresponsibility, we have both the right and the responsibility to
>> JDD> pick up the slack created by the other party so that other systems
>> JDD> do not receive the same net.abuse ours have.
>> 
>> This would be true if you represented an extension of law enforcement. 

JDD>         Actually, your assessment is inaccurate.  Law enforcement is far
JDD> more constrained in their sanctioned actions than the laity.  I, for
JDD> example, can engage in dumpster diving at will to find information I need. 
JDD> Law enforcement cannot do so without the blessing of the courts.

And this is precisely because it is illegal.  I'm not a lawyer
(or an ethics expert !clearly!) but perusing other people's
property appears to fall into one of the camps you describe
earlier...So, I have to ask myself, by what standard, and by
whom will I be judged?

And that's the standard I will apply (I'm assuming only one
will apply here, and if more than one applies, I have to make
a value judgement right?).

>> JDD> The only thing that would color such a practice as even remotely 
>> JDD> unethical would be later utilization of such findings for the
>> JDD> purpose of further spamming or other nefarious conduct.
>> 
>> Who defines nefarious?

JDD>         Simple.  Anything you'd do that would not make your mother proud.
JDD> ;)  But seriously, we don't need to define what 'is' is here.  Nefarious is
JDD> simply a cute word I use to entail further net.abuse.

>> The rule of law defines it.  And there are agencies established for the
>> purpose of enforcing the law.

JDD>         And while many an agent in said agencies are good people doing
JDD> good work, the reality is that agencies are bureaucracies.  And as
JDD> bureaucracies, they move at a positively glacial pace...and with the rapid
JDD> pace of the 'net, their involvement is not simply impractical, it's
JDD> counterproductive.  The net.realities of today have simply outpaced the
JDD> laws provided by the legislature.  Thus, relying on old (and increasingly
JDD> archaic) laws and agencies for definition and handling of genuine
JDD> net.realities is kludgy at best, silly at worst. 

>> JDD> As a rule, when my systems are spammed via an open relay, I do
>> JDD> indeed perform open relay tests on the offending system to confirm
>> JDD> that the relayed spam is genuine or trivially spoofed[2].  With
>> JDD> those findings,
>> 
>> So how does one justify any scanning beyond that which is required to
>> determine the source of a problem in the course of one's day to day
>> duties

JDD>         All scanning is done from a "rule out" standpoint.  I rule out
JDD> other possible explanations [spoofing, forgery, misconfigured MTA data] as
JDD> it pertains to the spam that appears to have come from an open relay or
JDD> proxy and then gather the data.  Once that's done, a fairly clear picture
JDD> of what's what has emerged.

Ahh, so we're on the same page.  We're not talking about
scanning 65k ports then (for example)...I guess I misunderstood.

>> and furthermore with the end goal of notifying the cognizant authority
>> of the offense? 

JDD>         Whenever my systems are attacked, I take it upon myself to
JDD> accumulate all evidence necessary to present to the cognizant admin of the
JDD> offending system.  My reasons are twofold: first, they can use the
JDD> information to compare to their own logs (rather than go on a large
JDD> fishing expedition), and that saves time; second, I've met more than my
JDD> fair share of "admins" who couldn't find their butt with both hands.
JDD> Those folks need a *lot* of hand-holding in order to bring the net.abuse
JDD> to a conclusion.

>> JDD> I file my reports with the cognizant admins and/or upstream
>> JDD> providers so that an end may be put to that nonsense.
>> 
>> All well and good, but again - to what end, the additional scanning?

JDD>         I'm not sure what you mean.  I don't keep on scanning every system
JDD> that's poked, prodded or spammed mine after I've gathered the information
JDD> I require.  Hell, if I did that, I wouldn't have time to do anything else. 

heheheh.  So let it be written then.  Thanks for the response!!

JDD> - -Jay

JDD>    (    (                                                         _______
JDD>    ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
JDD>  C|~~|C|~~| (>------ Jay D. Dyson - [EMAIL PROTECTED] ------<) |    = |-'
JDD>   `--' `--'  `How about a 10-day waiting period on YOUR rights?'  `------'

JDD> -----BEGIN PGP SIGNATURE-----
JDD> Version: GnuPG v1.0.7 (TreacherOS)
JDD> Comment: See http://www.treachery.net/~jdyson/ for current keys.

JDD> iD8DBQE+EKJkTqL/+mXtpucRAkMHAJ9roysRFsNI0t2z874ID5xjIfgSZgCeM7vY
JDD> m5AmsjNb4QAmxoKOg71SKOA=
JDD> =TL7v
JDD> -----END PGP SIGNATURE-----


-

Regards,

Greg

PGP Fingerprint:
723E 7CAD 4EF5 D904 1EE8  5279 71A5 A594 E6A7 C48E


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com








 