Re: Should IETF do more to fight computer crime?
At 03:13 AM 5/23/00 +0200, Jacob Palme wrote:
>That would mean that every time you execute any program, you would
>have to get an analysis of its possible harmful effects and decide
>whether to accept it.

[...]

Bruce Schneier's recent Crypto-gram (15 May) newsletter (see http://www.counterpane.com/) contains an essay making the point (among others) that computer systems security is precisely about risk management, which means, among other things, making decisions about acceptable levels of risk.

#g

Graham Klyne ([EMAIL PROTECTED])
Re: Universal Network Language
Hi,

Fred Baker wrote:
>
> At 11:01 PM 4/20/00 +0200, Anders Feder wrote:
> >The translation system being developed for the United Nations, the Universal
> >Network Language (UNL), looks quite promising. Does the IETF have any plans
> >regarding this system?
>
> not specifically. Care to make an argument that we should?

(1) http://www.unl.ias.unu.edu/publications/gm/breaking/bre/brk-02.htm
states that:

`UNL represents sentences in the form of logical expressions, without ambiguity. These expressions are not for humans to read, but for computers.'

(2) http://www.unl.ias.unu.edu/publications/gm/unlsys/sys-03.htm
states that:

`it is proposed that the description format for UNL expression is considered as an extension of HTML convention.'

Hope this helps,

Jean-Paul Jeral
ISIS/RIT/WT
EC JRC Ispra.
Re: Universal Network Language
On Tue, 23 May 2000, Jean-Paul Jeral wrote:
> (1)
> http://www.unl.ias.unu.edu/publications/gm/breaking/bre/brk-02.htm
> states that:
>
> `UNL represents sentences in the form of
> logical expressions, without ambiguity.
> These expressions are not for humans to
> read, but for computers.'

So is this a machine readable version of an Esperanto style human language or something more like ANDF/UNCOL?

Tatty bye,

Jim'll
IETF *is* computer crime.
The manner in which unsanctioned anti-democratic organizations control what amounts to the global communications network is a crime unto itself. Citizens utilizing this infra-structure possess no legal protections, no constitutional safeguards and no basic rights or liberties of any variety. We are subject to the chimeric whims of technocrats lost in the clouds of their stock options, fancy job titles and droll rotation of globe hopping symposiums and conferences. Left with no protections we are virtually helpless, hapless and hopeless. The concept of privacy and personal rights and freedoms on the net are fully null and void.

The whole convoluted mess rambles on generating profits for the lever-controllers and box managers and everything is fine and dandy. Except for the pervading fact that bloody security, mechanical network integrity and smooth technical functioning of the machinery do not supersede precious inalienables and undeniables. Except for the truth that people and their intercourses are openly, randomly and completely subject to limitless interferences and interventions.

IETF, ISOC, ICANN, ITU and whatever other unsanctioned, informal accretion of pseudo-authority should arise are no places to look for solutions. They embody the problem. They ARE the problem. To search elsewhere is our only alternative. To route around, to undermine, to quietly innovate clever detours and innovations. Because the moment the unchanging cast of central authorities are deposed is the moment a solution becomes workable.

Look no further than your own self, your own capabilities and capacities. Anyone who seeks freedom or solace from those who benefit the most from our control and the maintenance of their influence can only impede evolution.

Alive and very much well, all my opinions only, a very insignificant observer among the masses of the great unplugged, I remain,

Bob Allisat
Re: Should IETF do more to fight computer crime?
Jacob Palme <[EMAIL PROTECTED]> wrote:
> But would not better log production in routers be an aid
> in finding the villain behind computer crimes?

What type of logging do you propose? It seems that the types of logging that are already done enable people to trace the origins of suspicious traffic.

--gregbo
RE: Should IETF do more to fight computer crime?
>Jacob Palme <[EMAIL PROTECTED]> wrote:
>
>> But would not better log production in routers be an aid
>> in finding the villain behind computer crimes?
>
>What type of logging do you propose? It seems that the types of logging
>that are already done enable people to trace the origins of suspicious
>traffic.
>
>--gregbo

True, but only the origin of packets is determined. What is needed is a code of ethics between ISPs, to share information. i.e. once a packet leaves isp1 cloud and travels across isp2 cloud, very rarely would isp1 be willing to disclose to isp2,... which (user) is leased that specific dynamic ip address.

btw, this info would be required on the fly... so that net admin/sec would be in a better position to pinpoint the perpetrator's habits/ physiological profile etc..

/pd
Re: IETF *is* computer crime.
Hello Bob,

I think you are being too harsh on the IETF, ISOC, ICANN, ITU, and "whatever other unsanctioned, informal accretion of pseudo-authorities should arise".

As an example, a group of people decided to coordinate efforts in order to communicate with each other. They agreed on a format for the correspondence, and they agreed on a delivery protocol. Before you know it, email is born.

Such efforts are a good thing. By agreeing with each other on the mechanics of such a transaction we've enabled the transaction to occur (aside from actual implementation).

What wasn't agreed on? Well, one thing not agreed on is what to do if correspondence is sent 'anonymously', containing material that may be of interest to some authority of law, in some country (not even connected to the 'Net at the time email is "standardized"). And of course this is but one possible scenario not accounted for by the standard describing format and delivery of one particular type of electronic correspondence.

But the standard never tried to address any issues it didn't address - it is complete in what it is. That isn't anyone's fault, is it? Technologists are technologists, not students of international law.

The goal of the IETF is to get us from point A to point B. It isn't to get us from point A to point B with no shit (for lack of a better word) in our way.

Neophytos Iacovou                          University of Minnesota
Academic & Distributed Computing Services  100 Union St. SE
email: [EMAIL PROTECTED]                   Minneapolis, MN 55455 USA
RE: Should IETF do more to fight computer crime?
> From: "Dawson, Peter D" <[EMAIL PROTECTED]>

> >Jacob Palme <[EMAIL PROTECTED]> wrote:
> >
> >> But would not better log production in routers be an aid
> >> in finding the villain behind computer crimes?
> >
> >What type of logging do you propose? It seems that the types of logging
> >that are already done enable people to trace the origins of suspicious
> >traffic.
> >
> >--gregbo

> True, but only the origin of packets is determined. What is needed is
> a code of ethics between ISPs, to share information.
> i.e. once a packet leaves isp1 cloud and travels across isp2 cloud,
> very rarely would isp1 be willing to disclose to isp2,...
> which (user) is leased that specific dynamic ip address.
>
> btw, this info would be required on the fly... so that net admin/sec
> would be in a better position to pinpoint the perpetrator's habits/
> physiological profile etc..

Let's actually think for a moment about serious logging or sharing information about Internet traffic. State of the art large routers move Tbits/sec. If the average packet size is 500 bytes, you're talking about logging or sharing information about 100 Mpackets/second. If you only log or share the source and destination IPv4 addresses, TCP or UDP port numbers, the incoming interface, a timestamp, and 1 or 2 bits saying the packet was not unusual (e.g. no TCP options other than window scaling or SACK and no IP options), you're talking about logging or sharing more than 20 bytes/packet or a few GBytes/second/big router. There are 86,400 seconds/day, so you're talking about logging or sharing about 100 TBytes/day per large router.

Typical IP paths seem to be at least 10 hops long these days, and often 20 or 30. Most of those routers are not going to be Tbit/sec backbone routers, but more than one will be, and the rest can be counted or aggregated as if they were. Thus, you're talking about logging or sharing several 1000 TBytes/day.

Perhaps it would not be a problem to burn 1,000,000 GByte CDROM, tapes, or other media per day, but what would you be able to do with those logs? Searching a 1000 TByte database on the fly, especially if it is merely a primitive sequential log, would be a serious challenge.

Yes, not many Tbit routers have been deployed, but they will be, and I think the average packet size is less than 500, which increases the amount of logging. Yes, you might not need to keep those 1000's of TBytes for more than a few days, but you still need a way to do something with them.

To put it another way, the complaints from the large ISPs that they cannot police Internet traffic to shield their customers from pornography, talk about World War II political parties, and the other things that various pressure groups and governments dislike have some technical reality.

Technical reality always trumps political blather everywhere that matters.

Vernon Schryver [EMAIL PROTECTED]
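The estimate in the message above, worked through as an added example (not part of the original message or thread). The 100 Mpackets/second rate and the 10-hop path are taken from the message; the record layout and field widths, the 1 GByte/s read rate and the sample addresses are assumptions made here.

```python
import ipaddress
import struct

# Assumed record layout (the message lists the fields, not their widths):
# src IPv4, dst IPv4, src port, dst port, incoming interface index,
# timestamp in microseconds, flags (bit 0 = packet was unusual).
# "!" = network byte order with no padding, so the size is exact.
RECORD = struct.Struct("!4s4sHHHQB")
SECONDS_PER_DAY = 86_400


def pack_record(src, dst, sport, dport, ifindex, ts_us, unusual=False):
    """Serialize one per-packet log entry."""
    return RECORD.pack(ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed,
                       sport, dport, ifindex, ts_us, int(unusual))


def unpack_record(buf):
    """Decode one entry back into readable fields."""
    src, dst, sport, dport, ifindex, ts_us, flags = RECORD.unpack(buf)
    return (str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)),
            sport, dport, ifindex, ts_us, bool(flags & 1))


def scan_for_source(log, src):
    """Search a flat sequential log for one source address.

    With no index, every record has to be visited, so the cost grows
    linearly with the size of the log.
    """
    want = ipaddress.IPv4Address(src).packed
    hits = []
    for off in range(0, len(log) - RECORD.size + 1, RECORD.size):
        if log[off:off + 4] == want:
            hits.append(unpack_record(log[off:off + RECORD.size]))
    return hits


def daily_log_bytes(packets_per_sec, record_bytes=RECORD.size, routers=1):
    """Bytes of log written per day when every packet is recorded."""
    return packets_per_sec * record_bytes * SECONDS_PER_DAY * routers


def full_scan_days(total_bytes, read_bytes_per_sec):
    """Days needed to read the whole log once at a given throughput."""
    return total_bytes / read_bytes_per_sec / SECONDS_PER_DAY


def build_sample_log():
    """Constructed sample: three packets using documentation addresses."""
    return b"".join([
        pack_record("192.0.2.10", "198.51.100.5", 40000, 80, 3, 1_000_000),
        pack_record("203.0.113.7", "198.51.100.5", 40001, 25, 3, 1_000_010),
        pack_record("192.0.2.10", "198.51.100.9", 40002, 53, 4, 1_000_020,
                    unusual=True),
    ])


if __name__ == "__main__":
    log = build_sample_log()
    print("record size:", RECORD.size, "bytes")
    for hit in scan_for_source(log, "192.0.2.10"):
        print("match:", hit)
    one = daily_log_bytes(100_000_000)               # rate from the message
    path = daily_log_bytes(100_000_000, routers=10)  # 10-hop path
    print(f"one router: {one / 1e12:.0f} TBytes/day")
    print(f"10 routers: {path / 1e12:.0f} TBytes/day")
    # Assumed sustained read rate of 1 GByte/s for the sequential search.
    print(f"one pass over it: {full_scan_days(path, 1e9):.1f} days")
```
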
RE: Should IETF do more to fight computer crime?
>-----Original Message-----
>From: Vernon Schryver [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, May 23, 2000 4:14 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Should IETF do more to fight computer crime?
>
>
>> From: "Dawson, Peter D" <[EMAIL PROTECTED]>
>
>> >Jacob Palme <[EMAIL PROTECTED]> wrote:
>> >
>> >> But would not better log production in routers be an aid
>> >> in finding the villain behind computer crimes?
>> >
>> >What type of logging do you propose? It seems that the types of logging
>> >that are already done enable people to trace the origins of suspicious
>> >traffic.
>> >
>> >--gregbo
>
>> True, but only the origin of packets is determined. What is needed is
>> a code of ethics between ISPs, to share information.
>> i.e. once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>>
>> btw, this info would be required on the fly... so that net admin/sec
>> would be in a better position to pinpoint the perpetrator's habits/
>> physiological profile etc..
>
>
>Let's actually think for a moment about serious logging or sharing
>information about Internet traffic. State of the art large routers
>move Tbits/sec. If the average packet size is 500 bytes, you're
>talking about logging or sharing information about 100 Mpackets/second.
>If you only log or share the source and destination IPv4 addresses,
>TCP or UDP port numbers, the incoming interface, a timestamp, and 1 or
>2 bits saying the packet was not unusual (e.g. no TCP options other
>than window scaling or SACK and no IP options), you're talking about
>logging or sharing more than 20 bytes/packet or a few GBytes/second/big
>router. There are 86,400 seconds/day, so you're talking about logging
>or sharing about 100 TBytes/day per large router.
>
>Typical IP paths seem to be at least 10 hops long these days, and
>often 20 or 30. Most of those routers are not going to be Tbit/sec
>backbone routers, but more than one will be, and the rest can be
>counted or aggregated as if they were. Thus, you're talking about
>logging or sharing several 1000 TBytes/day.
>
>Perhaps it would not be a problem to burn 1,000,000 GByte CDROM, tapes,
>or other media per day, but what would you be able to do with those logs?
>Searching a 1000 TByte database on the fly, especially if it is merely
>a primitive sequential log, would be a serious challenge.
>
>Yes, not many Tbit routers have been deployed, but they will be, and I
>think the average packet size is less than 500, which increases the amount
>of logging. Yes, you might not need to keep those 1000's of TBytes for
>more than a few days, but you still need a way to do something with them.
>
>To put it another way, the complaints from the large ISPs that they cannot
>police Internet traffic to shield their customers from pornography, talk
>about World War II political parties, and the other things that various
>pressure groups and governments dislike have some technical reality.

I agree on the technical reality of tbyte storage/tcpdump etc...

>
>Technical reality always trumps political blather everywhere that matters.
>

Yes, but if I were behind a DMZ and my IDS triggers... and if I got a source address .. my question is... would 'The ISP' provide any type of information to negate the threat ? is this a political problem?? , beyond technical reality or just plain non-compliance to 'Collaboration' ???

/pd
Re: Should IETF do more to fight computer crime?
On Tue, 23 May 2000 18:27:41 -, "Dawson, Peter D" <[EMAIL PROTECTED]> said:
> True, but only the origin of packets is determined. What is needed is
> a code of ethics between ISPs, to share information.
> i.e. once a packet leaves isp1 cloud and travels across isp2 cloud,
> very rarely would isp1 be willing to disclose to isp2,...
> which (user) is leased that specific dynamic ip address.

Note that many providers may be legally bound to not give any more information than "Yeah, that's one of our IP addresses". I know we have a lot of issues regarding privacy laws due to the fact that we're an agency of the Commonwealth of Virginia. If we find that one of our students has been naughty, about all we can say to people outside is that we're aware of it and that action is being taken as per our procedures.

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
RE: Should IETF do more to fight computer crime?
>On Tue, 23 May 2000 18:27:41 -, "Dawson, Peter D" <[EMAIL PROTECTED]> said:
>> True, but only the origin of packets is determined. What is needed is
>> a code of ethics between ISPs, to share information.
>> i.e. once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>
>Note that many providers may be legally bound to not give any more
>information than "Yeah, that's one of our IP addresses". I know we
>have a lot of issues regarding privacy laws due to the fact that we're
>an agency of the Commonwealth of Virginia. If we find that one of our
>students has been naughty, about all we can say to people outside is
>that we're aware of it and that action is being taken as per our procedures.
>--

Let's say a non-student was naughty and was attacking the vt.edu network... would you feel satisfied with the answer.. "we're aware of it and that action is being taken as per our procedures" knowing fully well that the outage costs are running into a couple of millions on a single site ??

/pd
RE: Should IETF do more to fight computer crime?
When the procedures dictate that government agencies get involved at certain points and you notify them of the outage or problem, what other steps do you recommend? Operational entities are not, in most cases, law enforcement agencies. There is a limit to how much notification one should undertake in these situations.

thanks.

/m.

> -----Original Message-----
> From: Dawson, Peter D [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, May 23, 2000 3:22 PM
> To: IETF general mailing list
> Subject: RE: Should IETF do more to fight computer crime?
>
>
> >On Tue, 23 May 2000 18:27:41 -, "Dawson, Peter D" <[EMAIL PROTECTED]> said:
> >> True, but only the origin of packets is determined. What is needed is
> >> a code of ethics between ISPs, to share information.
> >> i.e. once a packet leaves isp1 cloud and travels across isp2 cloud,
> >> very rarely would isp1 be willing to disclose to isp2,...
> >> which (user) is leased that specific dynamic ip address.
> >
> >Note that many providers may be legally bound to not give any more
> >information than "Yeah, that's one of our IP addresses". I know we
> >have a lot of issues regarding privacy laws due to the fact that we're
> >an agency of the Commonwealth of Virginia. If we find that one of our
> >students has been naughty, about all we can say to people outside is
> >that we're aware of it and that action is being taken as per our procedures.
> >--
>
> Let's say a non-student was naughty and was attacking the vt.edu network...
> would you feel satisfied with the answer.. "we're aware of it and that
> action is being taken as per our procedures" knowing fully well that
> the outage costs are running into a couple of millions on a single site ??
> /pd
Re: Should IETF do more to fight computer crime?
In message <[EMAIL PROTECTED]>, Valdis.Kletnieks@vt.edu writes:
>On Tue, 23 May 2000 18:27:41 -, "Dawson, Peter D" <[EMAIL PROTECTED]> said:
>> True, but only the origin of packets is determined. What is needed is
>> a code of ethics between ISPs, to share information.
>> i.e. once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>
>Note that many providers may be legally bound to not give any more
>information than "Yeah, that's one of our IP addresses". I know we
>have a lot of issues regarding privacy laws due to the fact that we're
>an agency of the Commonwealth of Virginia. If we find that one of our
>students has been naughty, about all we can say to people outside is
>that we're aware of it and that action is being taken as per our procedures.

Right. On the other hand, the AP reports that a French-government sponsored bill would bar anonymous posting to the net. For details, see
http://www.techserver.com/noframes/story/0,2294,500207446-500289602-501571097-0,00.html

--Steve Bellovin
Re: Should IETF do more to fight computer crime?
Steven M. Bellovin writes:
>
> Right. On the other hand, the AP reports that a French-government
> sponsored bill would bar anonymous posting to the net. For details,
> see
> http://www.techserver.com/noframes/story/0,2294,500207446-500289602-501571097-0,00.html

But should the IETF be fighting this fight? Does the IETF send someone to France in hopes of convincing politicians not to do this? Do we have the most convincing tongues? The strength of the IETF is in technology.

Right now we don't even have enough resources to go back and update RFCs with augmented notes stating how popular implementations differ from spec.

BTW: I'm not intending to pick on Mr. Bellovin.

Neophytos Iacovou                          University of Minnesota
Academic & Distributed Computing Services  100 Union St. SE
email: [EMAIL PROTECTED]                   Minneapolis, MN 55455 USA
Re: Should IETF do more to fight computer crime?
In message <[EMAIL PROTECTED]>, Danny Iacovou writes:
>Steven M. Bellovin writes:
>>
>> Right. On the other hand, the AP reports that a French-government
>> sponsored bill would bar anonymous posting to the net. For details,
>> see http://www.techserver.com/noframes/story/0,2294,500207446-500289602-501571097-0,00.html
>
> But should the IETF be fighting this fight? Does the IETF send someone
> to France in hopes of convincing politicians not to do this? Do we have
> the most convincing tongues? The strength of the IETF is in technology.
>
> Right now we don't even have enough resources to go back and update
> RFCs with augmented notes stating how popular implementations differ
> from spec.
>

I wasn't suggesting that we should fight it; I was merely citing it as an example of governments following their own agendas, regardless of the underlying technologies.

--Steve Bellovin
RE: Should IETF do more to fight computer crime?
> From: "Dawson, Peter D" <[EMAIL PROTECTED]>

> ...
> I agree on the technical reality of tbyte storage/tcpdump etc...

(really technical unreality)

> >Technical reality always trumps political blather everywhere
> >that matters.
>
> Yes, but if I were behind a DMZ and my IDS triggers... and if I got a
> source address .. my question is...
> would 'The ISP' provide any type of information to negate the threat ? is
> this a political problem?? , beyond technical reality or just plain
> non-compliance to 'Collaboration' ???

How do you identify "The ISP"? RFC 2267 is about ingress filtering, but not egress filtering, logging, flagging, or informing.

If you do trust that the IP source address is valid, then what do you need with anything more than we've had for decades? Why can't you telephone a domain contact, and get whatever information or promises of action that the other guy is willing and able to give?

As for negating threats, regardless of what the apparent source says, don't you think that the wise course for you is to ensure that your own defenses render the attack harmless?

Vernon Schryver [EMAIL PROTECTED]
Re: Should IETF do more to fight computer crime?
On Tue, 23 May 2000 21:22:11 -, "Dawson, Peter D" <[EMAIL PROTECTED]> said:
> Let's say a non-student was naughty and was attacking the vt.edu network...
> would you feel satisfied with the answer.. "we're aware of it and that
> action is being taken as per our procedures" knowing fully well that
> the outage costs are running into a couple of millions on a single site ??

1) As a member of our local CIRT, let me assure you that although that response usually doesn't give me warm fuzzies, hearing that action *was* being taken, and being convinced that the people taking the action were technically clued enough to do it, is at least something. We recently had one incident, where the source site was a smallish but not tiny ISP. Turned out they were more than willing to help, but they were glad that they billed users a flat rate per month because they didn't have a *clue* how to bill per hour of connect time because they didn't know where their TAKAX (yes, that's what they called it - took us a while to decipher it) logs were going.

2) Much as I'd *love* to be really open with other sites who report problems with our users, I'm certainly in no mood to have our legal staff hassling me because I got the university into hot water by releasing information we weren't allowed to release.

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
RE: IETF *is* computer crime.
Danny,

Bob can fuel this argument this topic for years and needs no prompting from anyone. Don't get me wrong technically speaking he's on the ball, but politically speaking like all technicians suck. This argument should be binned and not fueled.

Bob, if you got this mail then give it a rest. The IETF does a great job and doesn't deserve or warrant this attack. The people who deserve it are the politicians who are trying to implement "laws" on the use of the InterNet, have a go at them and leave this group alone.

Have a nice now.

Regards

Mark Paton
CEO/DIR. Internet Network Eng
Mercury Network Systems Limited
+44 585 649051
+44 1256 761925
http://www.mnsl.org
"Mercury Network Systems - The Unstoppable Force"

-----Original Message-----
From: Danny Iacovou [mailto:[EMAIL PROTECTED]]
Sent: 23 May 2000 20:13
To: Bob Allisat
Cc: [EMAIL PROTECTED]
Subject: Re: IETF *is* computer crime.

Hello Bob,

I think you are being too harsh on the IETF, ISOC, ICANN, ITU, and "whatever other unsanctioned, informal accretion of pseudo-authorities should arise".

As an example, a group of people decided to coordinate efforts in order to communicate with each other. They agreed on a format for the correspondence, and they agreed on a delivery protocol. Before you know it, email is born.

Such efforts are a good thing. By agreeing with each other on the mechanics of such a transaction we've enabled the transaction to occur (aside from actual implementation).

What wasn't agreed on? Well, one thing not agreed on is what to do if correspondence is sent 'anonymously', containing material that may be of interest to some authority of law, in some country (not even connected to the 'Net at the time email is "standardized"). And of course this is but one possible scenario not accounted for by the standard describing format and delivery of one particular type of electronic correspondence.

But the standard never tried to address any issues it didn't address - it is complete in what it is. That isn't anyone's fault, is it? Technologists are technologists, not students of international law.

The goal of the IETF is to get us from point A to point B. It isn't to get us from point A to point B with no shit (for lack of a better word) in our way.

-- --
Neophytos Iacovou                          University of Minnesota
Academic & Distributed Computing Services  100 Union St. SE
email: [EMAIL PROTECTED]                   Minneapolis, MN 55455 USA