Slashdot Mirror


Internet Providers Band Together to Fight Evil

toadlife writes "A group of prominent Internet providers are teaming up with security vendor Arbor Networks to form the Fingerprint Sharing Alliance. Through the use of Arbor Networks' Peakflow SP internet appliance (which is an OpenBSD box with some secret sauce mixed in), members of the alliance can share internet threat information with each other in real time. It sounds a bit like Razor, doesn't it?"


  1. "Evil"? by Markus+Persson · · Score: 5, Insightful

    DDOS attacks? BitTorrent traffic? Spam email? Slashdotting? Seems a bit too vague to be good.

    --
    If the cat can't experience its own death, nothing will ever kill you. (No, really!)
    1. Re:"Evil"? by KiloByte · · Score: 4, Insightful

      Uh oh.
      If I read this correctly, if you take part in a DDOS attack also known as "Slashdotting", it takes just a single trigger-happy sysadmin somewhere on the way to knock you and the rest of us from the participating networks.

      The article is pretty vague, and if I read correctly, there _is_ a human factor involved. Of course, humans are better than machines at telling apart a bona-fide Slashdotting (beh, a "bona-fide" DDOS attack :p ) from something that's meant just to destroy.

      However, our bona-fide attack just took their server down. We're entering a gray area here: is it still a legitimate flash crowd? It's often hard to tell. The problem is, until today, the one who used to lose was the affected server. If enough backbone ISPs join this alliance, it will be us getting hurt by the collateral damage.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  2. This could be perfect for fighting zombie spam by minas-beede · · Score: 4, Insightful

    If they would but do it, this coalition could expand their concern to the detection and prevention of zombie spam (that is, abuse of systems within each provider's IP space as zombies) and they could begin the process of eliminating spam. Not dealing with spam, eliminating spam. It's long past time for that.

    The great unexploited opportunity for eliminating spam is at the intermediate level (that is, ahead of the destination server for the spam.) If they had been implemented in sufficient numbers at the appropriate time (with "sufficient numbers" being below 1% of all IP addresses) open relay and open proxy honeypots could have eliminated spam - before the spammers had a chance to advance to zombies.

    The great anti-spam opportunity is still at the intermediate level (where distinguishing spam from valid email isn't necessary - no valid email follows the path spam takes.) At the intermediate level anti-spam actions can easily be 100% effective, 100% accurate. No spam delivered, no valid email (of which there is none using that path) wrongly stopped.

    All it would take would be for ISPs and others to detect the abuse and then act against it - in all the ways they can or in all the ways they choose (some, for instance, might cling to the "only blocking is good" philosophy. OK, let them only block - it still is productive, even though it's way less so than interception, since the spammers can simply choose another abuse path when they experience blocking. For interception the spammers first need to learn that the spam is being intercepted. It's always good to make life harder for the spammers, to add to their burden.)