lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 17 Nov 2007 13:05:23 +1000
From: "Quark IT - Hilton Travis" <Hilton@...rkIT.com.au>
To: <bugtraq@...urityfocus.com>
Subject: RE: Standing Up Against German Laws - Project HayNeedle

> -----Original Message-----
> From: Florian Echtler [mailto:echtler@...tum.de]
> Sent: Tuesday, 13 November 2007 20:00
> 
> > If I read the law correctly, it requires retention of "what IP
> > connected to another IP" and "which phone number called where." It
> > doesn't bother retaining the URL called (my German is rusty, so I
may
> > be a little off in my interpretation). Connecting to a random IP on
a
> > random open port (80 and 443, for example) would be a good start to
> > accomplish the goal creating chatter. The issue is that the search
> > terms to find those ports could lead to connecting to a site that
> > increases your profile against general background chatter, even as
it
> > is raised with random connection traffic.
> As a native German speaker, allow me to clarify: with respect to IP
> communication, the law mandates saving the following information for 6
> months:
> 
> - which customer was assigned which IP for what timespan
> - sender mail address, receiver mail address and sender IP for each
> mail
> - in case of VOIP: caller and callee phone number and IP address
> 
> So it wouldn't make much sense to create connection noise on a TCP or
> HTTP basis, as this stuff isn't logged. I think one should rather
> concentrate on generating email noise in this regard.
> 
> Yours, Florian

Hi Florian,

The issue with sending email noise is that there is already too much of
it already and it is already classified under the banner "spam".  I can
almost guarantee that were you to start sending random email to many
servers, most of their owners would block your IP immediately, or at
least look at ways of adding you to RBLs and reporting you to whichever
authorities are responsible for enforcing anti-spam and anti-DOS laws.

--

"I'd rather be DOSed than VISTAd" - Hilton Travis, 2007

Regards,

Hilton Travis                          Phone: +61 (0)7 3105 9101
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager,  Quark IT                     www.quarkit.com.au
Director, Quark Group                  www.quarkgroup.com.au

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.

                    Quark Group Pty. Ltd.
      T/A Quark Automation, Quark AudioVisual, Quark IT

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ