Re: [fw-wiz] Botnets, IRC servers and firewalls?

From: Gadi Evron (
Date: 02/05/04

  • Next message: Gadi Evron: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
    To: Gwendolynn ferch Elydyr <>
    Date: Thu, 05 Feb 2004 20:38:11 +0200

    > Youch, Gadi!

    Indeed, the blood test I had today was SO youch!

    > By that particular accounting, we should have you and all of your family
    > put down, because people in your town have committed crimes!

    As I said, I exaggerated, but so are you.. :)
    Should you be held liable if you do not know how to drive a car and hit
    a tree? Or a person?

    As I said, this is not very much within the realm of possibility, but
    ISP's can and should, to a level, be made by the law liable for what
    their users do.

    For example, port scanning from one of their users... Perhaps for not
    responding to abuse reports?

    I am not sure exactly to which level this should be held (in my opinion,
    and as I said, I am exaggerating, do forgive me). But if you provide a
    service you should be held liable, again, to a level, for those who use
    it.. to spam.. to attack.. or some other issues?

    Your metaphor to my, as stated, exaggerated analogy, is wrong.

    Users now can utilize the "Trojan horse defense" to get out of nearly
    everything, especially if the evidence in the case were not collected
    carefully (such as catch the guy in the act).

    > While it's certainly convenient to think that the right technical
    > solution can solve complex social issues, it's clearly barking up the
    > wrong tree.

    User education is indeed a very important issue, and cannot be solved by
    technological answers - at least not *completely*.

    Take for example a corporate case where educating users about opening
    email messages, AND blocking certain types of files + running an anti
    virus on email locally + on the server - works (again.. to a level).

    > The problem here is user education more than technical innovation.
    > Using your [weak] car analogy, all the air bags, seat belts and roll
    > cages in the world don't substitute for the driver knowing how to drive
    > the vehicle, and take advantage of the safety mechanisms [eg: wearing a
    > seatbelt].

    By my "car" analogy, which was -again- an exaggeration to prove a point,
    I meant that I believe things won't get better until better laws are
    made that force ISP's to deal with abuse, spam, etc.

    Sorry for the misunderstanding. :)

    Unrelated example of "testing" the user -

    The new Mimail that came today is a password protected zip file.

    You need to crack the passwd, open the zip and run the worm in order to
    get infected.. people still get infected. It would be interesting to see
    the statistics in a few days.

    I wrote something about user education, and quoted a bank security
    officer who did a very cute test to see how users will react to
    something new, you can find it in my follow-up to the Israeli bank
    wireless hack.

    If you are interested you can read it at

    If it doesn't resolve (have problems today), try .

            Gadi Evron.

    firewall-wizards mailing list

  • Next message: Gadi Evron: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"