In message <20040610051613.GJ20881(a)stateless>, Nicholas Lee writes:
On Thu, Jun 10, 2004 at 04:58:31PM +1200, Ewen McNeill wrote:
[... suggesting] anti-spam legislation, a legal duty be placed on people not to connect/allow to remain connected an insecure/0wned/infected system under their control.
Unlike vehicles, access to the internet for most people is not via a "public road". [...] A WOF/license for driving the internet just seems like needless legislation.
I actually didn't suggest a WOF/license for driving on the Internet (this time -- although I do actually think it's a good idea). What I suggested was that those who have allowed systems they own to become unsafe/damaged so that they cause harm to others should be made responsible for that harm. And it doesn't seem like needless legislation to me. It's not _my_ systems (or any of the ones I'm responsible for administering) which are sending thousands of spam messages, viruses, worms, to machines across the world. I just get to receive thousands of them a day via all these machines of people who are not taking responsibility for the systems they're connecting to a common resource (viz, the Internet). As Juha says there is a problem with patches not being available. I'd be quite happy to allow "no vendor patch" as a complete defense for the end user (although if the issue is well known the vendor should perhaps be culpable). I'd even be willing to concede "vendor patch too recently released, couldn't patch everything" within a reasonable amount of time of the patch coming out. Simply persuading someone to take responsibility for the never-been-patched, installed-stuff-at-random, insecure-OS-design boxes would dramatically reduce the problem.
ISPs already have the power to regulate users this way via their TOS. It's clear though that all ISPs would have to subscribe to the above for it to have long-term effect.
The days of ISPs taking responsibility for the actions of their users appear to be a fading memory. It's unlikely any ISP would block users with infected machines these days unless all ISPs did it; the only way that all ISPs are likely to do it is if it's a legal requirement. (Otherwise it's a prisoner's dilemma situation.)
Ewen
On Thu, Jun 10, 2004 at 05:27:35PM +1200, Ewen McNeill wrote:
I actually didn't suggest a WOF/license for driving on the Internet (this time -- although I do actually think it's a good idea).
Seems to me that's what you are saying. I know many geeks think this idea is a good way to manage the net.
What I suggested was that those who have allowed systems they own to become unsafe/damaged so that they cause harm to others should be made responsible for that harm.
Sounds like an internet WOF to me.
And it doesn't seem like needless legislation to me. It's not _my_ systems (or any of the ones I'm responsible for administering) which are sending thousands of spam messages, viruses, worms, to machines across the world. I just get to receive thousands of them a day via all these machines of people who are not taking responsibility for the systems they're connecting to a common resource (viz, the Internet).
Maybe we should say the same thing about people who don't get their flu shots? Legislation won't fix this problem. At the end of the day, ISPs will still have to enforce it. If they are not doing it now why will they suddenly decide to do it tomorrow? We all know that a law like this will have so many loop-holes that small ISPs might be forced to take action, but large ISPs (Xtra?) will ignore it, and as a result probably end up with people leaving the smaller ISPs. The thing is, with roads the government controls access. If you don't have a WOF or driver's license, eventually you go to jail if you won't act as a responsible driver/car owner. The government can only regulate the roads of the (local) internet via imposing rules on ISPs. There are no public internet cops or traffic wardens, who can pull you over, then take you to jail on the spot. ISPs own private roads. It's better they regulate it themselves. Let's not give the government another thing to control.
Simply persuading someone to take responsibility for the never-been-patched, installed-stuff-at-random, insecure-OS-design boxes would dramatically reduce the problem.
Personally I feel a reasonable responsibility lies with the vendors who supply unsecure software. That however is an argument for another day. Finally, any local political solution is not going to help us against spam from overseas.
Nicholas
On Thu, 2004-06-10 at 17:47, Nicholas Lee wrote:
The thing is, with roads the government controls access. If you don't have a WOF or driver's license, eventually you go to jail if you won't act as a responsible driver/car owner.
The government can only regulate the roads of the (local) internet via imposing rules on ISPs. There are no public internet cops or traffic wardens, who can pull you over, then take you to jail on the spot.
ISPs own private roads. It's better they regulate it themselves. Let's not give the government another thing to control.
I don't think Ewen was suggesting that we impose further rules/code of practice/whatever in this case on ISPs. We've seen how fruitless/non-useful that has been so far. As is commonly the case, it's all about the ends in this architecture. The question is what can be done to encourage those who are selling/providing potential zombie boxes to try and ensure that those who are receiving them at least try and keep them secure - and if they fail to do this, accept the severe penalty (i.e. turned off). Taking the analogy further, WOF are applied to cars. Not roads. People need to recognise if their car loses its WOF then if they venture on the road, they may get penalised. I suspect the flaw in this plan is that by forcing PC vendors to make sure that users are clued, and boxes are patched is that a lucrative revenue stream ("..please service my b0rked PC..") is removed in the process. So there's no compelling reason as to why the PC vendors should get on board. Not only that, but ensuring users have clue costs the vendors. I realise that the horse has already bolted (the zombies are already out there), and this sort of thing only bears fruit a wee way away, but I don't think there's ever going to be a golden bullet for this stuff, so we've just got to keep shooting the beast with bronze ones.
cheers
jamie
For those who use SpamAssassin, the 1000s of German spams can be found easily. I just made up a rule (with help from #nzadsl people). The Message IDs that qmail uses are numbers only (checked from qmail sources (newfield.c:37+)) and the spams don't conform to this, so....

header GERMANSPAM MESSAGEID =~ /^<.*[a-z].*\.qmail\@.*>/
describe GERMANSPAM Contains German Spam
score GERMANSPAM 10 10 10 10

For those who use other Anti-Spam systems, adding this rule should be easy.

Thanks
Craig Whitmore
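For filters other than SpamAssassin, the same check can be expressed as below. This is an added example, not part of the original post or of SpamAssassin: the sample messages are constructed, the function names are hypothetical, and the `strict` mode (local part must be digits and dots only, per the post's "numbers only" observation) is an assumption that goes beyond the posted rule.

```python
import re
from email import message_from_string

# Same pattern as the posted rule: a lowercase letter before ".qmail@".
RULE = re.compile(r"^<.*[a-z].*\.qmail@.*>")
# Stricter variant (assumption): capture everything before ".qmail@".
QMAIL_ID = re.compile(r"^<([^@>]*)\.qmail@[^>]*>")
# Headers that SpamAssassin's MESSAGEID pseudo-header collects.
ID_HEADERS = ("Message-Id", "Resent-Message-Id", "X-Message-Id")


def message_ids(raw):
    """Return every message-id style header value found in a raw message."""
    msg = message_from_string(raw)
    return [v.strip() for h in ID_HEADERS for v in msg.get_all(h, [])]


def forged_qmail_id(raw, strict=False):
    """True if any ID claims to come from qmail but is not numeric."""
    for mid in message_ids(raw):
        if RULE.search(mid):
            return True
        if strict:
            m = QMAIL_ID.match(mid)
            # qmail-style suffix present, but local part has non-digits
            if m and not re.fullmatch(r"[0-9.]+", m.group(1)):
                return True
    return False


def make(headers):
    """Build a constructed sample message from (name, value) pairs."""
    return "".join(f"{k}: {v}\n" for k, v in headers) + "\nbody\n"


# Constructed samples, not taken from real mail.
LEGIT = make([("Message-ID", "<20040610110912.12345.qmail@mail.example.org>")])
FORGED_LOWER = make([("Message-ID", "<kqzvbnwtyx.qmail@example.net>")])
FORGED_UPPER = make([("Message-ID", "<KQZVBNWTYX.qmail@example.net>")])
LIST_REWRITTEN = make([("Message-ID", "<list.0001@lists.example.org>"),
                       ("X-Message-Id", "<hjdkeuw.qmail@example.net>")])

if __name__ == "__main__":
    for name in ("LEGIT", "FORGED_LOWER", "FORGED_UPPER", "LIST_REWRITTEN"):
        raw = globals()[name]
        print(name, forged_qmail_id(raw), forged_qmail_id(raw, strict=True))
```

The posted pattern is case-sensitive, so an all-uppercase forged ID is only caught in `strict` mode.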
At 23:09 10/06/2004, Craig Whitmore wrote:
For those who use SpamAssassin, the 1000's of German Spams can be found easily. I just made up a rule (with help from #nzadsl people)
The Message IDs that qmail uses are numbers only (checked from qmail sources (newfield.c:37+)) and the spams don't conform to this, so....
header GERMANSPAM MESSAGEID =~ /^<.*[a-z].*\.qmail\@.*>/
describe GERMANSPAM Contains German Spam
score GERMANSPAM 10 10 10 10
For those who use other Anti-Spam systems, adding this rule should be easy.
Thanks Craig, Works great. By the way, has anyone noticed that these particular spams via zombie machines seem to obtain email addresses for the fake Return address in the same manner as viruses? All spams forge the Return address of course, but this seems to be the first time I've noticed that the email addresses used for the fake Return addresses are being retrieved from the zombie machine itself, rather than the zombie just passing on the message to be sent verbatim. That means these spams are causing just as much confusion from their bounces as virus originated bounces... *sigh*
Regards,
Simon
[cc list trimmed] Simon Byrnand wrote:
Thanks Craig,
Works great.
Have heard that Craig's ueber-SA rule works well for others too.
By the way, has anyone noticed that these particular spams via zombie machines seem to obtain email addresses for the fake Return address in the same manner as viruses?
All spams forge the Return address of course, but this seems to be the first time I've noticed that the email addresses used for the fake Return addresses are being retrieved from the zombie machine itself, rather than the zombie just passing on the message to be sent verbatim.
That means these spams are causing just as much confusion from their bounces as virus originated bounces...
Nice one. Anyway, it seems as if the European Union elections this coming Sunday are the reason for the huge spam run. Wrote a small story about it here: http://computerworld.co.nz/news.nsf/UNID/C0F6690249C852D2CC256EB0000B4F84 ... which may be of interest to NZNOG.
-- Juha
participants (7)
- Craig Whitmore
- Ewen McNeill
- Jamie Baddeley
- Jeremy Brooking
- Juha Saarinen
- Nicholas Lee
- Simon Byrnand