RE: [Full-Disclosure] Calcuating Loss

From: Michael Gargiullo (mgargiullo_at_warpdrive.net)
Date: 05/12/04

  • Next message: Scott Taylor: "RE: [Full-Disclosure] Wireless ISPs" 
    To: "Schmidt, Michael R." <Michael.Schmidt@T-Mobile.com>
Date: Wed, 12 May 2004 13:53:23 -0400

    On Wed, 2004-05-12 at 11:56, Schmidt, Michael R. wrote:
    > Well one of the biggest issues that allows people to remain anonymous is DHCP.
    I Disagree. That's traceable, ask the RIAA or MPAA.

    > If everyone on the internet was required to get a static IP address, or to log which IP they were using - using a secure technology then everyone could be tracked, sure a few "super" hackers could still manage to escape detection I am sure, but there is nothing that is the equivalent of a drivers license on the internet.
    The Internet is just that, the inter-connection of different networks.
    Each network is owned by someone. If you happen to run a network of 5
    computer's and have an internet connection, your network is part of the
    internet.
    >
    > Sure there would still be criminals using stolen credentials, but IPs are handed out based on location or where you dialed in from.

    Ip addresses are handed out from your ISP. Once your network is large
    enough, you can ask for your own block of IP addresses that your
    upstream provider (Internet Provider) will route and announce for you.

    > Dialing in can be traced using caller ID, wireless by IP and base station proximity, so just like today, people would have a alibi for the time and place the criminal used their identity.
    Why, are you actively online 24/7 ? So for the 5 minutes you spend in
    the restroom, I can pull up outside, grab a signal from your AP, and
    launch the next Bagel.zzz worm, then leave before your back at your
    desk. I used your internet connection to launch it... Your alibi... you
    were in the restroom, it couldn't be your fault. Please. you want to
    stop this mess... protect your own network.

    >
    > What we need is something that you have to log into (securely) or your DHCP is revoked immediately.

    I'll break this down into two parts. A DHCP address is not revokable.
    If your dhcp server gives out 24 hour leases, 12 hours from now, the
    computer will check in with the dhcp server. You may have some luck
    then revoking the IP.

    > And of course static IPs are well, static and since they are routed, routes can be logged and therefore trackable.

    All IP addresses are routable (Maybe not on the internet), it's how the
    client gets the IP address that you've commented on. Set good policies
    on your firewall, and have a lot of storage space for log files.
    >
    > So again it is anonymity that causes most of the grief.
    Not entirely.

    > If all code had to be signed, then you'd know who wrote it, and running unsigned code would be your own stupid fault.

    Are you Steve Ballmer? Are you talking about Palladium?

    So if I write a 5 line perl / C++ / vbs script for some system
    administration task, you'd have me spend $$ to have the code signed (By
    a recognized CA, like SSL certs) to be able to run and share it. Ah and
    if I just ask people to trust my code and run it... we're back at
    square one.

    Do you remember when it wasn't safe to "Trust all content from
    Microsoft" yet it was signed by them.

    >
    > If you replace a part on some new cars with a non-manufacturers part, you void the warranty.

    Not always, check your warranty

    > But when you run unsigned downloaded for free or sent through email code on your dell, who do you call and expect to fix it when it stops working?
    you do the same thing you do when your car breaks down, take it to
    someone who can fix it, and pay them to do it. There's a whole market
    based on this principal.

    > The end user is the moron, we require no test to get on the internet and yet we let more people anonymously sign on the net everyday.

    Again, let *darwinism take it's course, and protect yourself.

    *Where I work you get 1 shot. you get infected the first time, you get a
    warning, after that you get a fine. The way our network is setup, a user
    has to work at it to get infected.

    <snip>

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Scott Taylor: "RE: [Full-Disclosure] Wireless ISPs"

    Relevant Pages

    • Re: SuSE home network
      ... > 2000) connected to a cable modem. ... > up to four internet connections via dhcp. ... >From your ISP's network or from your own internal network? ...
      (alt.os.linux.suse)
    • RE: [Full-Disclosure] Calcuating Loss
      ... The Internet is just that, ... Each network is owned by someone. ... > What we need is something that you have to log into or your DHCP is revoked immediately. ... > So again it is anonymity that causes most of the grief. ...
      (Full-Disclosure)
    • Re: Multiple IP Schemes for Different Buildings
      ... The linksys on your first network stays as it is, ... DHCP broadcast is on the local subnet only, ... router to forward internet traffic to your firewall. ... If each server has it's own DHCP server then I don't need to worry ...
      (microsoft.public.windows.server.general)
    • Re: Key words or phrases
      ... the wireless connects via dhcp. ... > DHCP Server) for the Network Card with network address xxxxxxxxxxxx. ... > "George Hester" wrote in message ... >> cable access to the internet, all have latest updates and service packs ...
      (microsoft.public.win2000.general)
    • Re: Key words or phrases
      ... the wireless connects via dhcp. ... DHCP Server) for the Network Card with network address xxxxxxxxxxxx. ... "Kevin Nelson" wrote in message ... > cable access to the internet, all have latest updates and service packs ...
      (microsoft.public.win2000.general)
    • Quantcast