Firewall Wizards: Re: Botnets, IRC servers and firewalls?

Re: Botnets, IRC servers and firewalls?

From: Gadi Evron <ge_at_linuxbox.org>
Date: Thu, 05 Feb 2004 20:55:16 +0200

I apologize if this gets to the list twice, I emailed earlier from an
unsubscribed email address.

> Youch, Gadi!
>

Indeed, the blood test I had today was SO youch!
:o)

> By that particular accounting, we should have you and all of your family
> put down, because people in your town have committed crimes!

As I said, I exaggerated, but so are you..
Should you be held liable if you do not know how to drive a car and hit
a tree? Or a person?

As I said, this is not very much within the realm of possibility, but
ISPs can and should, to a level, be made by the law liable for what
their users do.

For example, port scanning from one of their users... Perhaps for not
responding to abuse reports?

I am not sure exactly to which level this should be held (in my opinion,
and as I said, I am exaggerating, do forgive me). But if you provide a
service you should be held liable, again, to a level, for those who use
it.. to spam.. to attack.. or some other issues?

Your metaphor to my, as stated, exaggerated analogy, is wrong.

Users now can utilize the "Trojan horse defense" to get out of nearly
everything, especially if the evidence in the case was not collected
carefully (such as catching the guy in the act).

> While it's certainly convenient to think that the right technical
> solution can solve complex social issues, it's clearly barking up the
> wrong tree.

User education is indeed a very important issue, and cannot be solved by
technological answers - at least not *completely*.

Take for example a corporate case where educating users about opening
email messages, AND blocking certain types of files + running an anti
virus on email locally + on the server - works (again.. to a level).

> The problem here is user education more than technical innovation.
> Using your [weak] car analogy, all the air bags, seat belts and roll
> cages in the world don't substitute for the driver knowing how to drive
> the vehicle, and take advantage of the safety mechanisms [eg: wearing a
> seatbelt].

By my "car" analogy, which was -again- an exaggeration to prove a point,
I meant that I believe things won't get better until better laws are
made that force ISPs to deal with abuse, spam, etc.

Sorry for the misunderstanding.

Unrelated example of "testing" the user -

The new Mimail that came today is a password protected zip file.

You need to crack the passwd, open the zip and run the worm in order to
get infected.. people still get infected. It would be interesting to see
the statistics in a few days.

I wrote something about user education, and quoted a bank security
officer who did a very cute test to see how users will react to
something new, you can find it in my follow-up to the Israeli bank
wireless hack.

If you are interested you can read it at
http://www.math.org.il/post-office2.html.

If it doesn't resolve (have problems today), try
http://66.232.160.227/post-office2.html .

     Gadi Evron.

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 05 2004
