IIALP - Abuse Logging Protocol

← Back to Stories (view on slashdot.org)

IIALP - Abuse Logging Protocol

Posted by michael on Tuesday July 13, 2004 @08:30AM from the hey-you-kids-get-off-my-lawn dept.

George Davey sent us a press release about abuselog.org, a site for the development of a generalized protocol for logging internet annoyances and abuses to a set of central servers, which could then be queried to find out which IPs are luserish.

5 of 173 comments (clear)

Min score:

Reason:

Sort:

that's cool! by grub · 2004-07-13 08:31 · Score: 5, Funny

which could then be queried to find out which IPs are luserish.

Interesting: 66.35.250.150 and 66.35.250.151 are the only entries. Truly uncanny AI.

--
Trolling is a art,
I hope by jb.hl.com · 2004-07-13 08:32 · Score: 5, Insightful

There's some form of verification.

In and of itself, this could be very easily abused by, say, people with a grudge who want to essentially get someone else an internet death penalty.

--
By summer it was all gone...now shesmovedon. --
1. Re:I hope by MobyDisk · 2004-07-13 08:57 · Score: 5, Interesting
  
  This is very important. Slashdot periodically posts stories about RBLs that add people, but never remove them. As horrible as it is to think, I wonder if some sort of legislation (governmental, ICANN, or otherwise) is necessary to keep these systems fair.
  
  I recently had Comcast shut down my port 25 access due to spam reports. Of course, they refused to tell me who reported me or what they reported, so even giving them logs of my outgoing port 25 access from a sniffer isn't enough for them to remove the mark from my record. (However, if I tell them I went to Windows update and ran a virus scanner they enable my access again. Nevermind that Windows Update doesn't do much on my Linux box. :-) )
Re:DHCP and MAC by djh101010 · 2004-07-13 08:38 · Score: 5, Interesting

Yeah, because the MAC address is so hard to change. ifconfig on some systems can do it, and a D-Link router can assume any MAC you'd like it to.
Fatal flaw in environmental assumption by bourne · 2004-07-13 09:02 · Score: 5, Insightful

Having just skimmed the draft, there's a fatal flaw with this solution. To quote:

The idea is that no one person can make a big impact to the Root IIALP Servers but a million people all annoyed by the same SPAM can make a huge impact.

However, they don't seem to address the idea that one person controlling a million drones that send spam today... can control a million drones that submit IIALP reports about, say, cnn.com tomorrow, resulting in an DOS from all the sites that block based on the IIALP lists. They rely upon the reports of end-users, but do not take into account the fact that massive volumes of "end-user" machines are compromised and usable as drones for whatever nefarious uses their 0wner wants.

In short, their anti-spoof assumes individual malicious user endpoint hosts. If the malicious users on the Internet were limited to individual endpoint hosts, we wouldn't need solutions like IIALP!