Scanning the Internet for Vulnerabilities Re: 202207240927.AYC
Abraham Y. Chen
aychen at avinta.com
Sun Jul 24 14:20:13 UTC 2022
1) "... dynamically assigned IP address space can still be tracked back
to a given system ... ": I fully agree with this statement. However,
A. You overlooked the critical consideration of the response time.
If this can not be done in real time for law enforcement purposes, it is
B. Also, the goal is to spot the specific perpetrator, not the
"system" which is too general to be meaningful. In fact, this would
penalize the innocent users who happen to be on the same implied "system".
C. In addition, for your “whack-a-mole” metaphor, the party in
charge is the mole, not the party with the mallet. It is a losing game
for the mallet right from the beginning.
So, the current Internet practices put us way behind the starting
line even before the game. Overall, this environment is favored by
multi-national businesses with perpetrators riding along in the
background. When security is breached, there are more than enough
excuses to point the finger to. No wonder the outcome has always been
disappointing for the general public.
2) What we need to do is to reverse the roles in every one of the above
situations, if we hope for any meaningful result, at all. The starting
point is to review the root differences between the Internet and the
traditional communication systems. With near half a century of the
Internet experience, we should be ready to study each issue from its
source, not by perpetuating its misleading manifestations.
Abe (2022-07-24 10:19 EDT)
On 2022-07-24 07:27, John Curran wrote:
> Abe -
> Static versus dynamic address assignment isn’t the problem -
> dynamically assigned IP address space can
> still be tracked back to a given system (reference: RFC6302/BCP162 &
> RFC6269 for discussion of the
> requirements and various related issues.)
> Tracking back to a particular server doesn’t really matter if all that
> happens is that the service is terminated
> (as the culprit will simply appear elsewhere in the Internet with a
> new connection/server and start over.)
> Alas, the situation doesn’t change unless/until there’s a willingness
> to engage law enforcement and pursue
> the attackers to prevent recurrence. This is non-trivial, both
> because of the skills necessary, the volume of
> attacks, the various jurisdictions involved, etc. – but the greatest
> obstacle is simply the attitude of “Why bother,
> that’s just the way it is…”
> With zero effective back pressure, we shouldn’t be surprised as
> frequency of attempts grows without bound.
> Disclaimers: my views alone – no one else would claim them. Feel free
> to use/reuse/discard as you see fit.
>> On 23 Jul 2022, at 10:28 PM, Abraham Y. Chen <aychen at avinta.com> wrote:
>> Hi, John:
>> 1) "... i.e. we’re instead going to engage in the worlds longest
>> running game of “whack-a-mole” by just blocking their last known
>> website/mail server/botnet and the wishing for the best… ":
>> Perhaps it is time for us to consider the "Back to the Future"
>> strategy, i.e., the Internet should practice static IP address like
>> all traditional communication system did?
>> Abe (2022-07-23 22:27 EDT)
>> On 2022-06-22 10:35, John Curran wrote:
>>> Barry -
>>> There is indeed a metaphor to your “rattling doorknobs", but it’s
>>> not pretty when it comes to the Internet…
>>> If you call the police because someone is creeping around your
>>> property checking doors and windows for
>>> possible entry, then they will indeed come out and attempt to
>>> arrest the perpetrator (I am most certainly
>>> not a lawyer, but as I understand it even the act of opening an
>>> unlocked window or door is sufficient in many
>>> jurisdictions to satisfy the “breaking the seal of the property”
>>> premise and warrant charging under breaking
>>> and entering statues.)
>>> Now welcome to the Internet… paint all your windows black, remove
>>> all lighting save for one small bulb
>>> over your front entry. Sit back and enjoy the continuous sounds
>>> of rattling doorknobs and scratching at
>>> the windows.
>>> If/when you find a digital culprit creeping around inside the
>>> home, your best option is burn down the place
>>> and start anew with the copies you keep offsite in storage
>>> elsewhere. Similarly if you find a “trap” (e.g.,
>>> a phishing email) placed on your patio or amongst your mail…
>>> discard such cautiously and hope your
>>> kids use equal care.
>>> “Best practice” for handling these situations on the Internet is
>>> effectively to cope as best you can despite
>>> being inundated with attempts – i.e. most Internet security
>>> professionals and law enforcement will tell you
>>> that the idea of actually trying to identify and stop any of the
>>> culprits involved is considered rather quaint
>>> at best – i.e. we’re instead going to engage in the worlds longest
>>> running game of “whack-a-mole” by just
>>> blocking their last known website/mail server/botnet and the
>>> wishing for the best…
>>> Enjoy your Internet!
>>> Disclaimers: My views alone - use, reuse, or discard as desired.
>>> This message made of 100% recycled electrons.
>>>> On 22 Jun 2022, at 12:04 AM, bzs at theworld.com wrote:
>>>> When I lock the doors etc to my home I'll often mutter "ya know, if
>>>> someone is rattling my door knob I already have a big problem."
>>>> I suppose when I'm home it might give me a warning if I hear it.
>>>> There must be a metaphor in there somewhere.
>>>> I do recall as a teen noticing that one of the closed store's on the
>>>> main drag's door was unlocked late one night walking home (this was in
>>>> I saw a cop and told him and he scolded me angrily for rattling door
>>>> knobs, I could be arrested for that! But verified it, looked around
>>>> inside with his flashlight, and called it in.
>>>> I forget how I noticed but I wasn't in the habit of rattling stores'
>>>> door knobs, I think the door was just a bit ajar.
>>>> There must be a metaphor in there somewhere.
>>>> On June 21, 2022 at 10:01 mpalmer at hezmatt.org (Matt Palmer) wrote:
>>>>> On Mon, Jun 20, 2022 at 02:18:30AM +0000, Mel Beckman wrote:
>>>>>> When researchers, or whoever, claim their scanning an altruistic
>>>>>> I ask them if they would mind someone coming to their home and
>>>>>> trying to
>>>>>> open all the doors and windows every night.
>>>>> If there were a few hundred people with nefarious intent trying to
>>>>> open your
>>>>> doors and windows every night, someone doing the same thing with
>>>>> intent might not be such a bad thing.
>>>>> - Matt
>>>> -Barry Shein
>>>> Software Tool & Die |bzs at TheWorld.com|http://www.TheWorld.com
>>>> Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
>>>> The World: Since 1989 | A Public Information Utility | *oo*
>> This email has been checked for viruses by Avast antivirus software.
This email has been checked for viruses by Avast antivirus software.
More information about the NANOG