>After investigating, Prodigy canceled the accounts, but was unable to identify the impostor.
Maybe I'm on drugs here, but this sounds like a pretty serious problem to me, when an ISP cannot figure out who is using their own service! Based on the facts as I know them, I think Prodigy should have been held liable for this, since they obviously didn't have some way to verify the identities of their users.
Why? Why on earth should they be able to verify the identities of their users? Should hotmail be able to verify the identity of every single hotmail-account owner?
At the best, Prodigy can track down the phone number of the person who dialed in - if they are a dialup service. What does that give them? NADA. I'm not sure how Prodigy's services work, but if it works the same way as some Norwegian ISPs, then someone could've signed up by going to certain webpages, and "signed up" for a free account. Furthermore, you can sign up when bouncing via a proxy.. say.. a netbus infected person.
It takes no skill to bounce via some totally anonymous bouncers (netbus infected people, people with non-logging wingates running, and so forth).
That Prodigy couldn't identify them.. well, it's no surprise to me.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
They will if they are given enough pressure from governments. Universities are blocking napster.. why shouldn't they block FreeNet?
Napster is easy to block. You just blacklist the napster servers. Freenet is decentralized. I don't remember if it's port-bound, but if it's not, I don't see how they can block it at all. If it IS port-bound, then you can just set up a tunnel.
How do you think people are using UDP at studby.uio? ;)
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
Here's a question: I know it's a weekend and all, but does anyone care? Is this really newsworthy? Big deal, some website in some God-forsaken backwater country like Russia has some illegal materials available. And Slashdot posts it.
"Illegal". It's illegal, because we in the western world have stupid laws. Of course, those who made it should be properly honored -- but for how long?
And, it's important to post, due to the interesting question it raises. Will "illegal" sites like this, be set up in countries which don't respect stupid letters from American lawyers? (Hey! Mattel lawyers! I've got your letter to me in glass-and-frame on my wall!! :))
However, it's not long before we'll have freenet. And with it, total anonymity and the possibility to post whatever we want, without fear of retribution. I look forward to that.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
People will have to install FreeNet servers - yes. But I don't think that will be a problem. Lots of people will do that. And, maybe one or two corporate firewalls for some companies will block them, but ISPs most certainly won't.
And remember, since freenet isn't dependent on ONE particular site, someone inside such a firewall may always make a 'tunnel' through a proxy, to bypass it.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
I think the answer to all our worries about material being pulled from the net, will be answered as soon as FreeNet is finished. One can argue whether freenet is good or bad. But the single fact remains - that information will become free. Totally free. Nobody will be able to stop it. :)
And that, imho, is a Good Thing.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
If you check out the slashdot thread with that article as a subject, you can read my article (and others) which rebuffed the theory. It is not a good theory. In short - it sucked. :)
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
That is a good tactic against a DOS attack. Not against a DDoS attack. A properly executed DDoS attack includes thousands of machines from all over the world. It is impossible to find a solution to the problem at the moment. If you have enough time on your hands, it's no problem involved in scanning millions of IP addresses and finding thousands of vulnerable boxes. With that many boxes under your command - a DDoS attack is a piece of cake to execute.
There is no way to stop it. Your upstream will have to filter out everything - since the SYN packets will be spoofed. They cannot know the difference between a forged SYN and a legitimate one. As for ICMPs, they can be filtered.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
Building a honey pot no matter how good a security expert you think you are, is a bad idea.
That, my friend, depends on what your goals are. There are several good reasons to build honeypots.
First off, if you are pretty sure about your network, and that you are an idealist -- creating a honeypot lets you see where scans originate from. After that, you can contact the admin of the machine it originated from -- and tell him that he probably is cracked. You've made a friend.
Secondly, if you don't have important data on your network, and just want to catch some fish and watch the ruckus -- I'm sure it can be great fun.
In other words, it depends on your goals, what kind of person you are, and so forth.
Nevermind the fact that you have intentionally left an easily crackable machine on the internet, from which crackers can launch other attacks.
That depends on what you leave on the machine. It also depends on the firewall rules. Not to forget, if you monitor the machine, you may see what he attacks from the machine -- and thereby alert the new machine he just cracked into. Someone would've found that other vulnerable machine in time anyways -- so I don't see the damage.
And, if your firewall denies outgoing ICMPs (in heavy quota, and with spoofed IPs..) it may not be used in smurf attacks. Furthermore, if the firewall says "no more than 10 outgoing SYN requests per 5 seconds" we can forget about synflooding too :)
I personally don't know who has the time to set up decoy machines, when it's difficult enough keeping servers patched in a 24x7 production environment.
Not everybody who builds a honeypot is a security professional with little time on his hands to secure a large company's network. I totally agree with you if that is the case. Building honeypots on large companies' networks is a Bad Thing (imho).
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
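The egress limits described in the comment above, modelled as an added example (not part of the original post): outbound packets whose source is not the honeypot's own address are dropped, and SYNs are capped at 10 per 5 seconds. The names, the constructed packet list and the ICMP quota figure are assumptions.

```python
from collections import Counter, deque
from dataclasses import dataclass, field

HONEYPOT_IP = "192.0.2.10"  # constructed address from a documentation range


@dataclass
class Packet:
    ts: float   # seconds since start of the constructed capture
    src: str
    dst: str
    kind: str   # "syn", "icmp-echo" or "other"


@dataclass
class EgressPolicy:
    """Decides what may leave the honeypot's network segment."""
    own_ip: str
    syn_limit: int = 10        # from the comment: 10 outgoing SYNs ...
    syn_window: float = 5.0    # ... per 5 seconds
    icmp_limit: int = 5        # assumption: the comment gives no ICMP figure
    icmp_window: float = 5.0
    syn_times: deque = field(default_factory=deque)
    icmp_times: deque = field(default_factory=deque)

    @staticmethod
    def _admit(times, now, limit, window):
        # Sliding window: forget admitted packets older than `window`,
        # then admit only while fewer than `limit` remain inside it.
        while times and now - times[0] >= window:
            times.popleft()
        if len(times) >= limit:
            return False
        times.append(now)
        return True

    def decide(self, pkt):
        # Anti-spoofing first: nothing leaves with a source that is not ours,
        # which is what keeps the box from being useful for smurf-style floods.
        if pkt.src != self.own_ip:
            return "drop-spoofed"
        if pkt.kind == "syn" and not self._admit(
                self.syn_times, pkt.ts, self.syn_limit, self.syn_window):
            return "drop-syn-rate"
        if pkt.kind == "icmp-echo" and not self._admit(
                self.icmp_times, pkt.ts, self.icmp_limit, self.icmp_window):
            return "drop-icmp-rate"
        return "pass"


def constructed_traffic():
    """Constructed sample: normal use, one forged-source ICMP, a SYN burst."""
    pkts = [Packet(float(t), HONEYPOT_IP, "198.51.100.20", "syn") for t in (0, 1, 2)]
    pkts.append(Packet(3.0, "203.0.113.99", "198.51.100.255", "icmp-echo"))
    pkts += [Packet(10.0 + i * 0.01, HONEYPOT_IP, "198.51.100.30", "syn")
             for i in range(50)]
    pkts.append(Packet(16.0, HONEYPOT_IP, "198.51.100.20", "syn"))
    return pkts


def evaluate(packets, policy):
    """Return a count of each decision for the given packet sequence."""
    return Counter(policy.decide(p) for p in packets)


if __name__ == "__main__":
    print(evaluate(constructed_traffic(), EgressPolicy(HONEYPOT_IP)))
```

Only the first 10 SYNs of the burst get out; the window reopens once those have aged past 5 seconds.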
Well, I don't think you'll learn anything by setting up a honeypot. To set up a honeypot you already need to know MUCH more than the average scriptkiddie. And, I'm pretty sure that you'll get 100 scriptkiddies -- or probably even more -- before you catch a SINGLE new and revolutionary cracker.
The best defence against crackers is to follow bugtraq and other security mailinglists. Closely.
otoh, I think it might be useful to set up honeypots VERY FAST after a new type of major bug is found. For example -- if you had set up some honeypots with exploitable BIND daemons just after the vulnerability was released -- my guess would be that you would catch the 'new and C00l' tools for breaking into bind faster.
That actually was a great idea. Next time there is a major Linux bug, I think I'll use a spare machine, install the buggy software on it, and monitor it CLOSELY. That was actually a swell idea. Thank you for leading me onto that thought-path. :)
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
Signal11. You should know better than saying that you can prepare for DDoS attacks. Nobody can survive a properly executed DDoS attack. Not yahoo.com, not ebay, nobody.
If you kill ALL the bandwidth - with packets, then there is nothing the target can do. NOTHING. Nothing whatsoever.
All it takes, is enough clients to smurf, SYNflood and so forth. The bandwidth will be saturated, and nothing can stop it.
The Net is obviously more fragile than you realize.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
First of all, it's no problem to make a honeypot. You install a buggy system, and watch what happens.
The problem is.. are you a likely target for someone older than a 15 year old scriptkiddie who "rules on IRC"? Probably not. Most cracked sites get cracked by scriptkiddies who want a box to install an eggie on, so that they can join it into their IRC botnet.
But, back to the question. A good honeypot would be a system that didn't get cracked, but where you created an environment that - for the cracker - seemed to be a normal unix system. First off, you need to create the programs that listen to different ports. You probably want to listen to port 21, 23, 25, 53, 80, 110, 6000, and probably a couple more -- so that it seems to be a regular system. You should also scan a Red Hat 5.2 box (or something) and find the exact banners they show. You need to recreate *Exactly* what happens, when someone executes "the" buffer overflow that usually happens, and so forth.
The question "will it fool good hackers" or whatever the question was - is quite void in my eyes. Good crackers won't scan enormous subnets for crackable hosts. It's the scriptkiddies that do that kind of thing. And yes -- you will catch them. You will catch hundreds of them. The problem is - the scans and breakins will originate either from wingates - or from other cracked hosts. Sure, it's a nice gesture to notify them -- but you probably won't catch any fishes.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
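A minimal version of the banner-only decoy described in the comment above, as an added example that is not part of the original post: it answers on a few of the listed ports, records who connected and what they sent first, and never executes anything. The class name, the banners and the ephemeral-port option are assumptions made for the example.

```python
import asyncio
import contextlib
import time

# Constructed placeholder banners. The comment's advice is to copy the exact
# banners of the system being imitated; those are not reproduced here.
BANNERS = {
    21: b"220 host.example.test FTP server ready.\r\n",
    25: b"220 host.example.test ESMTP\r\n",
    110: b"+OK POP3 server ready\r\n",
}


class BannerHoneypot:
    """Low-interaction decoy: send a banner, log the peer and its first bytes."""

    def __init__(self, banners, host="127.0.0.1", ephemeral=False,
                 max_bytes=1024, read_timeout=2.0):
        self.banners = banners
        self.host = host
        self.ephemeral = ephemeral        # True: bind port 0, no root needed
        self.max_bytes = max_bytes        # cap on what is read from a peer
        self.read_timeout = read_timeout  # do not hold sockets open for slow peers
        self.events = []                  # one dict per connection
        self.bound = {}                   # emulated port -> port actually bound
        self._servers = []

    def handler(self, emulated_port, banner):
        async def handle(reader, writer):
            peer = writer.get_extra_info("peername") or ("?", 0)
            data = b""
            try:
                writer.write(banner)
                await writer.drain()
                data = await asyncio.wait_for(
                    reader.read(self.max_bytes), self.read_timeout)
            except (asyncio.TimeoutError, ConnectionError):
                pass  # silent or reset peers are still worth logging
            # The bytes are only recorded, never parsed or acted upon.
            self.events.append({
                "ts": time.time(),
                "src_ip": peer[0],
                "src_port": peer[1],
                "emulated_port": emulated_port,
                "first_bytes": data.decode("latin-1"),
            })
            writer.close()
            with contextlib.suppress(ConnectionError):
                await writer.wait_closed()
        return handle

    async def start(self):
        for port, banner in self.banners.items():
            srv = await asyncio.start_server(
                self.handler(port, banner), self.host,
                0 if self.ephemeral else port)
            self.bound[port] = srv.sockets[0].getsockname()[1]
            self._servers.append(srv)

    async def stop(self):
        for srv in self._servers:
            srv.close()
            await srv.wait_closed()


async def probe(port, payload):
    """Local client used only to exercise the decoy in the demo."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    banner = await reader.readline()
    writer.write(payload)
    await writer.drain()
    await reader.read()  # returns at EOF, i.e. after the decoy has logged
    writer.close()
    await writer.wait_closed()
    return banner


async def demo():
    hp = BannerHoneypot(BANNERS, ephemeral=True)
    await hp.start()
    banner = await probe(hp.bound[21], b"USER anonymous\r\n")
    await hp.stop()
    return banner, hp.events


if __name__ == "__main__":
    print(asyncio.run(demo()))
```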
After writing the above piece, I remembered once using a nifty little tool called 'netdemon'. It's a Windows (god forbid) tool, but I fired up a computer with Windows, and downloaded the tool (which is shareware.. 30 days.. then you've got to pay).
Using the 'address scanner' you can reverse-resolve any IP range. Since I've yet to see such a tool for *nix (or maybe it's just me that's too stupid to figure out how to just reverse-lookup an IP range ;) - I fired it up, and found the list. I suggest that you other slashdot guys do the same. You'll find the tool at www.netdemon.net.. if I remember correctly. If you don't find it, just search at google.
Find the most interesting customers of netbeans, and mail them about the ISP's behaviour.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
Ok, there is no doubt that this needs action. We, the internet community, cannot accept this kind of shit happening.
I did a whois lookup, it turns out that netbenefit owns a /19 network. They are pretty big. What we need to do, is to reverse-lookup each and every IP address, and gather a list of all domains. We should all do our job, and send a mail to the companies we see fit -- that use netbenefit as a provider. We should inform their customers, as many as possible, about their provider's actions.
NOTE! We MUST NOT send out a single message to thousands of their customers. That would be spamming. But we should each and every one look up some of them, and mail them.
The mails should have links to this slashdot article, and to all relevant sites. This action should and must be taken As Soon As Possible.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
FreeNet is a great idea. But it has a fundamental flaw. The information is stored on dozens of servers, and paid for by dozens of admins. But they cannot delete it.
That means that spammers will have a *Great* time. They can spam whatever they want, and nobody will be able to pull it off the net. Furthermore, they won't pay for the storage of the spam themselves.
Think about it. Making a freenet "website" - and then spamming freenet about it. Nobody would be able to pull it away. More companies would do it, and so forth. The result being that freenet gets overloaded with JUNK - and nobody is able to stop it.
Right? (That's my major concern about freenet..)
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
If the MPAA get this idiocy hammered through, then it would be the death of the internet as we know it. If one can be held responsible for the contents of the links you have, or of the links' links, then you can be held responsible for.. well, nearly anything.
If the judge allows this to happen, he cannot have much knowledge about the internet. And, it would be a catastrophe. I don't know exactly what can be done, except for a huge demonstration on the day the ruling is. And then I mean HUGE. This needs to get media attention.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
Look at the two things DDoS attacks target: Bandwidth and the remote host(s). Network bandwidth is becoming a non-issue (in the 5-10 year range), so ignore that for now.
No. It's the bandwidth DDoSes that will continue to be the problem. As long as there are compromisable hosts and the possibility of IP spoofing, it will be "no problem" to exhaust a host's bandwidth..
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
The problem is the owners and operators of the subverted systems aren't being held even partially responsible for the DOS attack launched from their systems right under their noses.
And that, IMHO, is a good thing.
I, for one, have had a machine cracked once. Several people I know have had the same happen to them. A friend of mine got his computer rooted less than a week ago. He played around with BIND, trying to learn to configure it a couple of weeks ago -- but forgot to kill the process after playing around with it. He also forgot to check for the latest security patches before starting to play around with it. Oh, and he doesn't read bugtraq every day, like you and me.
And don't forget, under your proposal, if I found a major bug in some Windows service, running on 95% of all dialup Windows clients worldwide.. I would be able to sue 95% of all dialup clients, due to their negligence to update their systems.
This obviously is wrong.
Or is it?
Yes - it is. Because only the major corps, and a FEW interested individuals, would be able to provide internet access - if your proposal became gospel.
-- "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
FreeNet is still the answer. :)
You cannot block anything perfectly in firewalls. Tunneling solves it pretty good. Set up a proxy, which you can connect via.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
There are lots of people in this discussion that didn't get it to work. It was probably moderated up because the moderator didn't get there neither.
Bugs in the DNS system, or deliberate blocking of it in some DNS servers.
You should know that, studying at IFI :)
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
It works. It's in the DNS. Your DNS server has screwed up. (Or it is so new that your DNS server caches old DNS data, that isn't correct anymore.)
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
You are forgetting an important fact.
Just because napster provides the tools, doesn't mean that they are responsible for the piracy. They've created a tool for sharing music. Unfortunately it's impossible to distinguish (for computer programs) commercial and non-commercial music.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
OK NSA? How much did you pay for that droid, to imitate him? It's obvious that you've hidden the body somewhere, but .. that was a damn good hack.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
netbenefits.. sorry :)
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
No, it's not sorted out.
The company could simply request the information sent time after time themselves. They could put it on typically "popular" URLs. Or they could spam on UseNet / IRC / whatever with the freenet site, and get lots of newbies to go read.
The problem with this, is that the spammers would get others to pay for their goodies. They would abuse the resources -- to the extreme. So much that good information would fall out.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
You're saying that like the 80's was a bad time.
:-)
A time without spam.
A good time.
Let's go back in time.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet