[102409] in North American Network Operators' Group


Re: IBM report reviews Internet crime

daemon@ATHENA.MIT.EDU (J. Oquendo)
Tue Feb 12 14:27:41 2008

Date: Tue, 12 Feb 2008 14:26:14 -0500
From: "J. Oquendo" <sil@infiltrated.net>
To: michael.dillon@bt.com
CC: nanog@nanog.org
In-Reply-To: <D03E4899F2FB3D4C8464E8C76B3B68B001F2B8EB@E03MVC4-UKBR.domain1.systemhost.net>
Errors-To: owner-nanog@merit.edu



michael.dillon@bt.com wrote:

> 
> vendor patches. [suggests that ISPs need to be proactive about detecting
> and blocking compromised machines]

This I've seen suggested for a while yet I've seen many here shun the 
idea. "If we force someone who doesn't know they'll jump ship elsewhere 
in droves" seemed to be the consensus. How about "if some acted as a 
*group* and did not allow an uber infected machine from your client to 
get on a network."

"Sorry we don't want your $20.00 per month since it's costing us 3 calls to
tech support per month, we're getting overwhelmed with emailed
complaints your machine is sending spam..." And so on. Wait, not
feasible, instead of thinking about this logically for a second, it's
likely some would focus more on countering it with an argument.

> [If you still distribute any kind of software kits that do not install
> FireFox, you are doing your customers a disservice and making your
> detection and blocking task that much bigger. When you contact customers
> with compromised machines you might want to make it mandatory to install
> Firefox from your servers before re-enabling Internet access]

Agree, and disagree. When I am on Windows, I loathe using the newer
versions of Firefox. It's become such a resource hog it's scary. I've
resorted to Opera. So you push them to Firefox anyway, what now, there
are still countless amounts of vulnerabilities for FF many not even
seen. Because the security industry has some numbers on vulnerabilities
for Mozilla, what about the unknowns? What about the spambot
herder/hoarder criminals who don't distribute code?


> [Suggests that NANOG members need to raise the bar considerably to clean
> up their own backyard. What do you know about your own Internet peering
> partners?]

Are you suggesting that if peers don't clean up their act they should be 
de-peered? I'd like to see that happen even for a day and watch a large 
portion of the net crumble. I could point out off the top of my head 
about a dozen dirty peers and I mean extremely dirty, who would never be 
de-peered. Money talks.

> [This suggests that targeting these specific attack vectors could clean
> up a significant amount of the problem and correspondingly reduce your
> costs for detection and blocking of compromised machines.]
> 

That would mean work. It would also mean the time allotted to focusing on
how to fix it would be taken away from the time it takes to 
counter-argue your points.


-- 
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E



