Re: RPAT - Realtime Proxy Abuse Triangulation

From: Greg Barnes <greg(at)ins.com>
Date: Mon Dec 30 2002 - 14:06:35 EST

Hi Jay,

Comments inline...

Saturday, December 28, 2002, 12:51:09 AM, you wrote: JDD> -----BEGIN PGP SIGNED MESSAGE-----
JDD> Hash: SHA1

JDD> On Fri, 27 Dec 2002, Stephen P. Berry wrote:

>> Funny that everyone seems to be hung up on the question of whether or
>> not reciprocal scans are -legal-. Howzabout this one: Even if scanning
>> spam relays is -legal-, is it ethical?

JDD> Such a practice strikes me as teleologically ethical[1]. A system

Technologically Ethical? Is that like 'technically honest' but not honest by any other definition?

JDD> is being abused and we recipient systems are paying the canonical price
JDD> for it.  And since we bear the cost of someone else's irresponsibility, we
JDD> have both the right and the responsibility to pick up the slack created by
JDD> the other party so that other systems do not receive the same net.abuse
JDD> ours have.

This would be true if you represented an extension of law enforcement.

JDD>         The only thing that would color such a practice as even remotely
JDD> unethical would be later utilization of such findings for the purpose of
JDD> further spamming or other nefarious conduct.

Who defines nefarious? The rule of law defines it. And there are agencies established for the purpose of enforcing the law. I can't believe this is even a question here...

JDD>         As a rule, when my systems are spammed via an open relay, I do
JDD> indeed perform open relay tests on the offending system to confirm that
JDD> the relayed spam is genuine or trivially spoofed[2].  With those findings,

So how does one justify any scanning beyond that which is required to determine the source of a problem in the course of one's day to day duties, and furthermore with the end goal of notifying the cognizant authority of the offense?

JDD> I file my reports with the cognizant admins and/or upstream providers so JDD> that an end may be put to that nonsense.

All well and good, but again - to what end, the additional scanning?

JDD> - -Jay

JDD> 1.  I don't subscribe to deontological ethics.  Even when I was a lad I
JDD>     never regarded "because I said so" as a valid rationale for anything.
JDD> 2.  Old Sun Microsystems SMI 8.6 MTAs will accept any HELO statement and
JDD>     not log the IP, which caused all manner of spammer mischief.

JDD>    (    (                                                         _______
JDD>    ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.

JDD> C|~~|C|~~| (>------ Jay D. Dyson - jdyson@treachery.net ------<) | = |-' JDD> `--' `--' `How about a 10-day waiting period on YOUR rights?' `------'

JDD> -----BEGIN PGP SIGNATURE-----
JDD> Version: GnuPG v1.0.7 (TreacherOS)
JDD> Comment: See 
http://www.treachery.net/~jdyson/ for current keys.

JDD> iD8DBQE+DUniTqL/+mXtpucRApOlAKDFuMLEvKwX11Toknd0hSFxImXJ/gCeOl1a
JDD> Kmj84nr7KbWgxmjafsVZDm0=

JDD> =Y1yR
JDD> -----END PGP SIGNATURE-----

JDD> ----------------------------------------------------------------------------
JDD> This list is provided by the SecurityFocus ARIS analyzer service.

JDD> For more information on this free incident handling, management JDD> and tracking system please see: http://aris.securityfocus.com

-

Regards,

Greg

PGP Fingerprint:
723E 7CAD 4EF5 D904 1EE8 5279 71A5 A594 E6A7 C48E

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Dec 30 15:26:26 2002