Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spamhaus Calls for Fining Operators of Insecure Servers

Posted by Unknown on from the banned-from-the-net dept.

Barence writes "Anti-spam outfit Spamhaus has called on the UK government to fine those who are running Internet infrastructure that could be exploited by criminals. Those who leave open Domain Name Server resolvers vulnerable to attack should be fined, if they have previously received a warning, said chief information officer of Spamhaus, Richard Cox. When Spamhaus was hit by a massive distributed DDoS possibly the biggest ever recorded at more than 300Gbits/sec — open DNS resolvers were used to amplify the hit, which was aimed at one of the organization's upstream partners. 'Once they know it can be used for attacks and fraud, that should be an offense,' Cox said. 'You should be subject to something like a parking ticket... where the fine is greater than the cost of fixing it."

3 of 170 comments (clear)

  1. Another cure that is worse than the disease by melonman · · Score: 5, Interesting

    This sounds great in theory but, in practice, it's going to be almost impossible to enforce (eg whose definition of 'vulnerable'?) and it would promptly create several new Internet plagues, eg the "Your server has a vulnerability, pay us now to stop us reporting it" spam email.

    --
    Virtually serving coffee
    1. Re:Another cure that is worse than the disease by Anonymous Coward · · Score: 3, Interesting

      I disagree. This is a classic example of making [stupid|apathy] hurt. In this case, the hurt is financial, but the effect is there.

      If a company can't be arsed to protect their systems to prevent it, they need to pay for it. If a person (or small business) can't be arsed to have an IT person, either part-time or contracted out through an agency to secure their systems, then they need to pay the price. If that same SMB relies upon their vendor/provider for security, and they fail to deliver, it's time to find another vendor/provider.

      When that price becomes higher than the cost of compliance to prevent an actual, measurable problem then we will see a shift.

      Most people want to do the right thing. For some people, you need to provide the carrot & stick approach.

  2. Free Speech by CanHasDIY · · Score: 3, Interesting

    If things like public defecation, nudity, and pan-handling can be successfully argued as free speech (which they all have, at some point, somewhere), I think it would be a pretty simple affair to claim that running open, unsecured internet infrastructure is also a form of free expression.

    "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels."

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese