Slashdot Mirror


IIALP - Abuse Logging Protocol

George Davey sent us a press release about abuselog.org, a site for the development of a generalized protocol for logging internet annoyances and abuses to a set of central servers, which could then be queried to find out which IPs are luserish.

14 of 173 comments

  1. that's cool! by grub · · Score: 5, Funny


    which could then be queried to find out which IPs are luserish.

    Interesting: 66.35.250.150 and 66.35.250.151 are the only entries. Truly uncanny AI.

    --
    Trolling is a art,
    1. Re:that's cool! by strictnein · · Score: 4, Informative

      Am I missing something? There seems to be absolutely nothing interesting to even look at for this site.

      Web site for the Iowa Internet Annoyance Logging Protocol (IIALP) Working Group.
      IIALP is pronounced: E'-alp.

      A copy of the current IETF "Internet-Draft" which represents a work in progress for IIALP is here:
      http://www.ietf.org/internet-drafts/draft-davey-iialp-01.txt

      RTF versions of all the internet-draft work in progress revisions are here:
      http://www.abuselog.org/Documents/00/draft-davey-iialp-00.rtf
      http://www.abuselog.org/Documents/00/draft-davey-iialp-01.rtf

      Next Revision Peek Ahead:
      Working on the sample templates and template root structure

      Your comments are welcome, please email your comments to the email address shown below:
      Make sure to include IIALP first in the subject line followed by the actual subject.

  2. I hope by jb.hl.com · · Score: 5, Insightful

    There's some form of verification.

    In and of itself, this could be very easily abused by, say, people with a grudge who want to essentially get someone else an internet death penalty.

    --
    By summer it was all gone...now shesmovedon. --
    1. Re:I hope by MobyDisk · · Score: 5, Interesting

      This is very important. Slashdot periodically posts stories about RBLs that add people, but never remove them. As horrible as it is to think, I wonder if some sort of legislation (governmental, ICANN, or otherwise) is necessary to keep these systems fair.

      I recently had Comcast shut down my port 25 access due to spam reports. Of course, they refused to tell me who reported me or what they reported, so even giving them logs of my outgoing port 25 access from a sniffer isn't enough for them to remove the mark from my record. (However, if I tell them I went to Windows Update and ran a virus scanner they enable my access again. Never mind that Windows Update doesn't do much on my Linux box. :-) )

  3. DHCP and MAC by CaptainPinko · · Score: 4, Interesting

    How will this work with DHCP, where the IP address is not constant at all? How about using the MAC address of the card? At least it's something that can't be cheaply replaced (I get a different IP every time I log on) or at least not by the majority of people.

    --
    Your CPU is not doing anything else, at least do something.
    1. Re:DHCP and MAC by Feyr · · Score: 4, Informative

      how about the fact that you can't see the MAC address past the first hop? or the other, that MAC addresses aren't (and don't need to be) guaranteed to be globally unique?

    2. Re:DHCP and MAC by djh101010 · · Score: 5, Interesting

      Yeah, because the MAC address is so hard to change. ifconfig on some systems can do it, and a D-Link router can assume any MAC you'd like it to.

  4. That list'll get long quick by Neil+Blender · · Score: 4, Interesting

    Our firewalls get port scanned many times daily. Our weblogs are filled with this kind of garbage:
    63.189.X.196 - - [12/Jul/2004:16:31:04 -0700] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ x

    I could probably contribute a thousand IPs from last month alone.
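A defender-side way to pull request lines like the one quoted above out of an access log, as an added example that is not part of the original comment. It assumes Apache-style Common Log Format in which non-printable request bytes are logged as `\xNN`; the threshold and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format prefix: host ident user [time] "request ...
# The closing quote is optional because overlong requests are often truncated.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)"?'
)
HEX_ESCAPE = re.compile(r'\\x[0-9a-fA-F]{2}')

# Assumed threshold: a legitimate UTF-8 path segment yields a few escapes,
# a binary payload in the request line yields many.
MIN_ESCAPES = 4

def classify(line):
    """Parse one log line; return None if it is not in the expected format."""
    m = CLF.match(line)
    if not m:
        return None
    req = m.group("req")
    escapes = len(HEX_ESCAPE.findall(req))
    return {
        "host": m.group("host"),
        "method": req.split(" ", 1)[0],
        "escapes": escapes,
        "suspicious": escapes >= MIN_ESCAPES,
    }

def summarize(lines):
    """Count suspicious requests per source address."""
    hits = Counter()
    for line in lines:
        rec = classify(line)
        if rec and rec["suspicious"]:
            hits[rec["host"]] += 1
    return hits

# Constructed sample lines (not taken from any real log).
SAMPLE = [
    r'192.0.2.10 - - [12/Jul/2004:16:31:04 -0700] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1" 414 340',
    r'192.0.2.10 - - [12/Jul/2004:16:31:09 -0700] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1',
    r'198.51.100.7 - - [12/Jul/2004:16:32:11 -0700] "GET /index.html HTTP/1.1" 200 5120',
    r'203.0.113.5 - - [12/Jul/2004:16:33:40 -0700] "GET /caf\xc3\xa9.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for host, count in summarize(SAMPLE).most_common():
        print(host, count)
```

The last sample line shows why a threshold is needed: an ordinary non-ASCII URL also produces `\xNN` escapes, but only a couple.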

  5. yet another standard by UnderAttack · · Score: 4, Insightful

    There are too many 'incidents exchange', 'intrusion detection', 'log', 'firewall log' standards to count. Many of them IETF drafts. IDMF has a little bit of traction. There is one format the music industry came out with to ease notifications of ISPs....

    Do we need yet another "standard", or do we just need ISPs that are actually reading/handling any kind of abuse notice. Some are great about this, but others just route them to /dev/null.

    --
    ---- join dshield.org Distributed Intrusion Detec
  6. 4/1 by rabel · · Score: 4, Interesting

    The annoyance logs on a particular IIALP Server are condensed and forwarded up the IIALP hierarchy to central Root IIALP Servers for central annoyance queries.

    Come on... this is a joke, right? After annoyance queries, we can move on to annoyance mining and then the troll database and the lousy-speller's database with new improved SQL (Soundex Query Language for the spelling-impaired).

    Annoyance queries? Pshaw.

  7. TVP by Anonymous Coward · · Score: 4, Funny

    Tiny Violin Protocol.

  8. Signal to Noise ratio by Ex+Machina · · Score: 4, Insightful

    I'm browsing the RFC, and it sounds like they're planning on having people's firewalls spit out IIALP messages in response to port scans, etc. In my opinion, this is a really bad idea! Worm activity, someone running a stupid automated scan against an entire class A (whoooops!) by mistake, or a port scan trying to locate a particular machine whose IP has changed (which I have had to do), etc. need to be differentiated from actual malicious activities. I can see this being used by overzealous admins to try to drop ALL traffic at the firewall level from anyone *ever* who gets a complaint propagated to them via this. Also, does anyone really expect their STUPID!@!!@ .log TLD proposal to be accepted?!??!! Jeez, everyone knows that this will never go through. Why do people insist on changing DNS, creating namespace pollution or breaking some other protocol (SMTP for a lot of spam "spolutins") for every problem facing the net!

  9. Fatal flaw in environmental assumption by bourne · · Score: 5, Insightful

    Having just skimmed the draft, there's a fatal flaw with this solution. To quote:

    The idea is that no one person can make a big impact to the Root IIALP Servers but a million people all annoyed by the same SPAM can make a huge impact.

    However, they don't seem to address the idea that one person controlling a million drones that send spam today... can control a million drones that submit IIALP reports about, say, cnn.com tomorrow, resulting in a DOS from all the sites that block based on the IIALP lists. They rely upon the reports of end-users, but do not take into account the fact that massive volumes of "end-user" machines are compromised and usable as drones for whatever nefarious uses their 0wner wants.

    In short, their anti-spoof assumes individual malicious user endpoint hosts. If the malicious users on the Internet were limited to individual endpoint hosts, we wouldn't need solutions like IIALP!

  10. Frontpage? by Anonymous Coward · · Score: 4, Funny

    A site about (internet) abuse logging... made in Front Page?
    (speechless)