[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[connect24h:1536] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B

To: connect24h@xxxxxxxxxx
Subject: [connect24h:1536] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B
From: Hiroshi Tsukamoto <hirobo-24@xxxxxxx>
Date: Wed, 28 Nov 2001 23:20:05 +0900

$BDMK\$G$9(B
(B
(BFURUHATA Yoshinori <gtk@xxxxxxxxxx> wrote:
(B
(B> $B<+$N2<$G%V%i%C%/%j%9%F%#%s%0!&!&!&$C$F$I$&$G$7$g!#(B
(B> $B!t(B $B$h$[$I%?%A0-$$$o$$!"$H8@$o$l$=$&$G$9$1$I!#$F$f$+<+J,$G$b$=$&;W$&!#(B
(B
(Bunsecure$B$J%5!<%P$N%V%i%C%/%j%9%F%#%s%0(B(dnsbl)$B$r(Bmonkeys.com$B$N(B
(BRonald F. Guilmette$B$,7W2h$7$F$$$F!"<+J,$b$A$g$C$T$j$@$14X$o$C(B
$B$F$*$j$^$9!#(B
(B
$B$*$b$7$m$$$N$O!"%V%i%C%/%j%9%F%#%s%0$5$l$?%M%C%H%o!<%/$+$i$N(B
$B%&%'%V%"%/%;%9$KBP$7!"!V$"$J$?$N%5!<%P$O$3$&$$$&%j%9%H$KF~$C(B
$B$F$$$F!"$=$N$^$^$@$H%M%C%H$rMxMQ$9$k>e$G$$$m$$$m@)8B$,@8$8$k(B
$B$+$i!"4IM}Aw$7$^$9!#(B
(B=======================================================================
(B
(BI was thinking recently about a new way of attacking the `security
(Bnotification' problem... something where we make better use of web
(Bservers.
(B
(BFor those of you who don't already know, perhaps THE most major problem
(Bwe still have on the net with regards to the many many sites that are still
(Bsuffering from various forms of inept server administration (e.g. open
(Bmail relays, open proxies, and other obvious flaws that would allow,
(Bfor example, rooting of the relevant boxes) is that we (the royal we,
(Bas in everybody who works on these problems) have a hard time even just
(Bgetting in contact with the relevant system administrators, to let them
(Bknow that they have a problem.
(B
(BOh sure, you can try to send e-mail to postmaster@ and to other seemingly
(Brelevant contact addresses, but I believe that many/most of the current
(Bblacklists of open relays out there are already trying to do this, and
(Bobviously, the success rate is rather limited, or else we wouldn't still
(Bhave 100+ thousand open relays on the net.
(B
(BSo anyway, I did a little work recently, hacking on Apache internals
(B(specifically mod_rewrite, to which I added a couple of potentially new
(Band useful features) with the idea in mind that (as in the case of mail
(Bservers) it _should_ theoretically be possible to get a web server
(B(Apache, for instance) to consult an outside DNS-based blacklist, and
(Bto display some different web pages (perhaps containing security warnings)
(Bto any and all visitors who happen to try to view any pages that are
(Bserved up (by a suitably-modified web server), if and only if the visitor
(Bhappens to be coming at the web server from an IP address that is listed
(Bon some specific DNS-based blacklist.
(B
(BAlternatively, it might be possible to force some additional Javascript
(Bcode (e.g. some code which would put up one of those slightly annoying
(Bgrey `notice' pop-up boxes, where you have to click on `OK' to continue)
(Binto each page that gets served up to any IP address that is on some
(Bspecified DNS-based blacklist.  The Javascript notice in this case would
(Bbe something like ``Are you aware that your local system administrator is
(Ban idiot, and that your local mail server is being abused by spammers
(Bbecause it is not properly secured?''  (Remember that the visitor has to
(Bclick on `OK' to continue wherever one of these `notice' pop-ups shows
(Bup.)
(B
(BThere are many possible variations on this general theme, of course.  If
(Ba given site didn't want to harass and annoy their visitors too much,
(Bthen they could perhaps get the grey pop-up notice boxes to appear (ONLY
(Bto visitors who are visiting from some blacklisted IP address) but then
(Ba cookie could be set on the visitor's machine to flag it as one that has
(Balready seen the notice once.  Then, the display of the notice could be
(Bmade conditional on the presence/absence of that cookie, so that once
(Bthe visitor got past the original notice, that visitor could browse the
(Brest of the site _without_ having to see the notice again.
(B
(BAnyway, I think that the general idea of employing web servers to get the
(Bmessage across (e.g. that the visitor's site has a security problem, or that
(Bis is considered to be on a spam-friendly network) may be an idea that has
(Bsome merit... _if_ it can be implemented (which is something that I'm still
(Bnot quite sure about).  This sort of anti-spam tactic could even be employed
(Bby larger sites (and by major ISPs) that are otherwise very reluctant to
(Buse any of the publically-available blacklists to do outright blocking of
(Bincoming e-mail that arrives from `bad' sites/networks.  The web servers
(Bat such sites could play an important role in a less disruptive, but still
(Beffective protest movement against either (a) spam-supporting sites/networks,
(Bor (b) incompetently unsecured sites/networks, or (c) both.
(B
(BHarkening back to the original concept of the MAPS RBL (which simply blocks
(Ball packets from a given `bad' IP address or address range), it is clear
(Bthat some folks, at least, do agree that web services can and should be
(Bused to get the message across to `bad' sites that they have a problem.
(BBut just dropping packets isn't an optimal solution in any sense, as it
(Bleaves the web visitor just scratching his/her head, wondering if what
(Bthey are seeing is just an accidental and/or temporary network outage.
(B
(BIt seems abundantly clear to me that it would be much much better to be
(Bable to arrange things so that (for example) a visitor from a `bad' IP
(Baddress would get a clear and unambiguous message that his/her site is
(Bconsidered `bad' for this specific reason, or for that specific reason,
(Bwhere the web pages that would be displayed (to any visitor from a `bad'
(Bsite or network) would clarify what the exact problem or offense is.
(B
(BIn short, we know that the World Wide Web is not only a great medium for
(Bcommunicating ideas, clearly, and, when appropriate, in multiple languages,
(Bbut also that it is probably THE most popular service provided by/on the
(BInternet at the present time.  Given that, it seems like a Damn Shame that
(Bwe haven't made better use of the web to communicate our collective dis-
(Bpleasure, both to dedicated spamming sites/networks and to ineptly un-
(Bsecured sites and networks.
(B
(BI think that we could rectify that breach, but it would take quite some
(Bwork.
(B
(BIs anybody other than me interested in this possibility?  If I, or someone
(Belse built it, would anybody come?
(B
(B
(BRegards,
(Brfg
(B
(B
(BP.S.  The general idea I've put forward above would probably be most
(Bparticularly helpful in the case of dealing with (i.e. notifying) the
(Bowners of unsecured proxies... a serious and growing problem.  Just
(Bthink about the reaction of an end user who got a notice like ``You can't
(Bview this web site because the person who administers your local proxy
(Bis an idiot, and he/she has left the proxy wide open for abuse.''
(B
(B(Of course, some sites would opt to use more polite language in the notices,
(Bbut the basic idea is still the same... getting the message across.)
(B
(B
(BP.P.S.  I've been having some DNS difficulties in the past couple of days,
(Ball of my own making.  If you send me private e-mail, and if it doesn't
(Bseem to go through, either right away or at all, please try it again in
(Babout 24 hours.  Thanks.
(B
(B-- 
$BDMK\(B  $B90(B
(Bhirobo-24@xxxxxxx
(B
(B
(B--[PR]------------------------------------------------------------------
$B!Z(BFreeML$B$+$i$N$*CN$i$;![(B
(B $B%f!<%6!http://www.freeml.com/reg_member1.php
(B------------------------------------------------------------------[PR]--
(B<GMO GROUP> Global Media Online  www.gmo.jp

Follow-Ups:
- [connect24h:1537] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B
  - From: tadashi nagao
- [connect24h:1558] Re: $BJ|CV%5!<(B$B%P$O5,@)(B $B$9(B$B$Y$-$+!)(B
  - From: Hiroshi Tsukamoto

References:
- [connect24h:1486] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B
  - From: koinuma
- [connect24h:1503] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B
  - From: FURUHATA Yoshinori

Prev by Date: [connect24h:1535] $BF|K\$G(BWinMX$B$GBaJa

Next by Date: [connect24h:1537] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B
Previous by thread: [connect24h:1527] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B
Next by thread: [connect24h:1537] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B
Index(es):
- Date
- Thread

[connect24h:1536] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B

[connect24h:1536] Re: $BJ|CV%5!<(B$B%P$O5,@)$9$Y$-$+!)(B