Hackers Targeting Home Computers

Enzo Michelangeli em at who.net
Sun Jan 6 19:21:16 EST 2002


----- Original Message -----
From: "Eugene Leitl" <Eugene.Leitl at lrz.uni-muenchen.de>
To: "Hack Hawk" <hh at hackhawk.net>
Cc: "Hadmut Danisch" <hadmut at danisch.de>; "Digital Bearer Settlement List"
<dbs at philodox.com>; <cryptography at wasabisystems.com>; <dcsb at ai.mit.edu>
Sent: Sunday, 06 January, 2002 7:41 PM


> On Fri, 4 Jan 2002, Hack Hawk wrote:
>
> > It surprises me that providers like Earthlink & GTE (I have one DSL on
> > each) aren't taking measures to filter out virus traffic from infected
> > systems.  It seems a simple enough task to me.
>
> A *very* bad idea. First, the traffic doesn't bother me, personally. In
> fact, it creates a need to use more diverse, and more secure systems.
>
> Secondly, building realtime pattern recognition and traffic blocking
> capability is something certainly to be abused in future.

Not only in future. Here is one example of a questionable traffic filtering
initiative that is already being taken: listening to zealots like Steve
Gibson (http://grc.com/dos/winxp.htm#egress), some providers have started to
block IP packets with unexpected source IP addresses, on the assumption that
they might be spoofed for evil purposes. Apart from creating difficulties for
dual-homed systems (unless policy-based routing is used to send reply
packets to the appropriate feed, avoiding asymmetric routing), this also
blocks the operations of privacy enhancement services such as the late
"Triangle boy" (now discontinued by Safeweb, but that's another story).

Enzo

[Moderator's note: I must strongly disagree. Egress filtering
throughout the internet is of critical importance in stopping many
classes of attacks, and generally hurts no one legitimate. If you are
multi-homed in the sense of having multiple IP blocks, send out the
packets via the same path they came in -- setting that up is
straightforward. (I in fact do that, so any claims that it isn't
straightforward are unlikely to be believed, at least by me.) --Perry]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
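
Added example, not part of the original message or the moderator's note: a small model of the provider-side source-address filtering and the host-side policy-based routing discussed in the thread. The prefixes (documentation ranges), uplink names and function names are constructed assumptions.

```python
import ipaddress

# Constructed topology (documentation prefixes, not from the original thread):
# a dual-homed host holds one address from each provider's block.
UPLINKS = {
    "isp_a": ipaddress.ip_network("192.0.2.0/24"),
    "isp_b": ipaddress.ip_network("198.51.100.0/24"),
}
DEFAULT_UPLINK = "isp_a"  # destination-only routing sends everything here


def egress_filter_permits(uplink, src):
    """Provider-side check: forward only sources inside the block it assigned."""
    return ipaddress.ip_address(src) in UPLINKS[uplink]


def pick_uplink(src, policy_routing):
    """Host-side choice of uplink for an outgoing packet."""
    if policy_routing:
        addr = ipaddress.ip_address(src)
        for name, block in UPLINKS.items():
            if addr in block:
                return name  # packet leaves via the provider that owns its source
    return DEFAULT_UPLINK  # no matching block, or policy routing disabled


def send(src, policy_routing):
    """Return (uplink, forwarded) for a packet with the given source address."""
    uplink = pick_uplink(src, policy_routing)
    return uplink, egress_filter_permits(uplink, src)


def report(sources, policy_routing):
    """Map each source address to its (uplink, forwarded) outcome."""
    return {src: send(src, policy_routing) for src in sources}


if __name__ == "__main__":
    # Two replies from the dual-homed host and one foreign source (constructed).
    sources = ["192.0.2.10", "198.51.100.10", "203.0.113.77"]
    for mode in (False, True):
        print("policy routing" if mode else "destination-only routing")
        for src, (uplink, ok) in report(sources, mode).items():
            print(f"  src={src:<15} via {uplink}: {'forwarded' if ok else 'dropped'}")
```

With destination-only routing the host's reply from its isp_b address is dropped at isp_a; with source-based routing both of its addresses pass, and the foreign source is dropped in either mode.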



