Pointer, Public Policy issue - from Bill Stearns

Too good to miss...

If you're not reading http://isc.sans.org/diary.html , you should be every
day.  It is posted blog style and archived, so the page I see now may be
different when you view it later.  The linked pdf has the message.  Here
is Bill's posting from the sans site:

Office of Cyber Public Health?
Published: 2007-06-14,
Last Updated: 2007-06-14 05:02:03 UTC
by William Stearns (Version: 1)

Joe St. Sauver, security and spam researcher at the University of
Oregon, points out that botnets are a symptom; the cause is infected
systems.  We can't clean up the bots without cleaning up the infected
systems first.

His paper for the Anti-Phishing Working Group is here

As you read it, ask yourself these questions.  If you think his proposal
wouldn't work, what would you recommend instead?  Would your proposal be
more likely to succeed?  Why?

-- Bill

Re: Pointer, Public Policy issue - from Bill Stearns

Oh, for ghod's sake.

Go to http://www.craphound.com/spamsolutions.txt and fill out the
appropriate boxes.

Re: Pointer, Public Policy issue - from Bill Stearns

Nico wrote:

I have to believe that Messrs. Stearns and St. Sauver were quite serious
in what they wrote.  Also, that they are not entirely ignorant of that
which they speak, as I am also not entirely.  Other readers should also
not be ignorant of this, and that is why I posted the pointer.

Please be so considerate as to post your comments directly to SANS, where
they will be moderated and posted if worthy of posting (unless, of course
they have some special significance to this NG).  There are some new
comments posted there today.

The original link to the 'diary' that you trimmed without note is


The link to Mr. St. Sauver's (pdf) article therein contained is

This is an exceptionally moribund and negative text.  It is surely
a recipe for a self-fulfilling prophecy for failure.  I suggest that you
yourself go to that text and 'fill out the appropriate boxes'.  Send it to
the original publishers and see what success you find.

Re: Pointer, Public Policy issue - from Bill Stearns

responder wrote:

Amplifying my own message:

Here is another indicator of interest of attempt to 'disrupt botnet
activities'.  Scroll to the title 'FBI Headline: Operation BOT ROAST',
dated Wednesday, June 13, 2007.

http://www.f-secure.com/weblog/

Re: Pointer, Public Policy issue - from Bill Stearns

On Thu, 14 Jun 2007 03:29:15 -0400, responder wrote:

If he wants gov. controlled (and it would end up gov. "controlled")
Internet, he can go to China. I hear they do a pretty good job of
censoring their citizens there. As soon as you allow government to filter
based on content, it becomes a content-filter, and that equates to
censorship. It's no different than filtering radio or television
broadcasts (which I believe that, the US gov. at least, would have already
done to the Internet if it were not an international entity).

The author makes frequent allusions to the 'Net as similar to health care,
but it is not. Not the US, nor anyone else, would die if the Internet as a
whole was shut down. Surprising we lived centuries before without it.

The solution is to make it costlier to allow abuse to exist than it is to
clean it up. Make damage done to a computer system, whether it's hacking
or whatnot, a cost that is passed on down the line until it hits the person
ultimately responsible for that offending system: the user. Watch then how
fast they learn to secure themselves. Pull their plug until they do. The
key points are 1) assign a monetary value to abuse and charge it against
the ISP that in turn will want to off load that onto the customer causing
the trouble and 2) deny service until they're secure. Why can't you
connect today? well, because you've been turned into a spam-cannon and the
Internet at large doesn't want to include you if that's what you're
putting out there.

Those places in the world that are not willing to be responsible for the
damage they cause, you don't allow their traffic. Or you do, but you
heavily restrict what they can connect to. I already do this with places
known not to accept abuse reports from myself, or those that bounce my
mail. If your operating system doesn't allow you to do this easily, you
probably need to change operating system. But it's the user's choice, who
he'll allow to connect to him or correspond with.

The hardest part of a solution like this would likely be attaching a cost
to the abuse. Maybe it needs to be a sue-able offense? Maybe there needs to
be a few basic laws created, or old ones updated for the Internet of
today? I'm not sure; but I guarantee that it's better and less restrictive
than turning the whole thing over to the government.

[RBL:Just A Bad Idea] Do not use DNS-RBL; Demand your ISP stop.
 Tell RoadRunner/Adelphia, Netzero,etc: don't trash your mail.
Finger my user name at host atr2.ath.cx for mail addr, gpg, etc.

Re: Pointer, Public Policy issue - from Bill Stearns

jayjwa wrote:


The bulk of what I trimmed is a good and intelligent suggestion.  The
problem is that there is no tasked group to pursue and implement punitive
sanctions against abusers, just as there is apparently no organized
consensus of the need to do so.  

While we lived long before without internet, it has quickly become an
indispensable part of essential infrastructure.  I do share your aversion
to total government control.  Development of consensus alternatives needs
community discussion and involvement.

Those who think this need not be a personal concern to them are in denial.
Thanks for your intelligent consideration and thanks for writing.  I will
continue to try to read and answer as I am able, should you or others
continue the discussion.  

To those whose own news servers do not carry the original messages in this
thread, I would suggest google groups (groups.google.com).
