Re: [fw-wiz] Botnets, IRC servers and firewalls?
From: Gadi Evron (ge_at_linuxbox.org)
To: Gwendolynn ferch Elydyr <email@example.com> Date: Thu, 05 Feb 2004 20:38:11 +0200
> Youch, Gadi!
Indeed, the blood test I had today was SO youch!
> By that particular accounting, we should have you and all of your family
> put down, because people in your town have committed crimes!
As I said, I exaggerated, but so are you.. :)
Should you be held liable if you do not know how to drive a car and hit
a tree? Or a person?
As I said, this is not very much within the realm of possibility, but
ISP's can and should, to a level, be made by the law liable for what
their users do.
For example, port scanning from one of their users... Perhaps for not
responding to abuse reports?
I am not sure exactly to which level this should be held (in my opinion,
and as I said, I am exaggerating, do forgive me). But if you provide a
service you should be held liable, again, to a level, for those who use
it.. to spam.. to attack.. or some other issues?
Your metaphor to my, as stated, exaggerated analogy, is wrong.
Users now can utilize the "Trojan horse defense" to get out of nearly
everything, especially if the evidence in the case were not collected
carefully (such as catch the guy in the act).
> While it's certainly convenient to think that the right technical
> solution can solve complex social issues, it's clearly barking up the
> wrong tree.
User education is indeed a very important issue, and cannot be solved by
technological answers - at least not *completely*.
Take for example a corporate case where educating users about opening
email messages, AND blocking certain types of files + running an anti
virus on email locally + on the server - works (again.. to a level).
> The problem here is user education more than technical innovation.
> Using your [weak] car analogy, all the air bags, seat belts and roll
> cages in the world don't substitute for the driver knowing how to drive
> the vehicle, and take advantage of the safety mechanisms [eg: wearing a
By my "car" analogy, which was -again- an exaggeration to prove a point,
I meant that I believe things won't get better until better laws are
made that force ISP's to deal with abuse, spam, etc.
Sorry for the misunderstanding. :)
Unrelated example of "testing" the user -
The new Mimail that came today is a password protected zip file.
You need to crack the passwd, open the zip and run the worm in order to
get infected.. people still get infected. It would be interesting to see
the statistics in a few days.
I wrote something about user education, and quoted a bank security
officer who did a very cute test to see how users will react to
something new, you can find it in my follow-up to the Israeli bank
If you are interested you can read it at
If it doesn't resolve (have problems today), try
firewall-wizards mailing list