[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4B50A2BB.2040907@linuxbox.org>
Date: Fri, 15 Jan 2010 19:15:39 +0200
From: Gadi Evron <ge@...uxbox.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: Re: All China, All The Time
On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
> I could only imagine. The other problem is that many people seem to think I'm saying something against the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call ME racist). They don't seem to get the clear distinction (to me) between the Chinese people and China's network. It's the machines I'm concerned with the attacks coming from those machine. Just because the machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against the machines. However, that unfortunately comes across to those who choose not to think it through as me saying something against the Chinese themselves.
>
> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational, and to have something to rail about. In the face of the reality of China's horribly infected network, when I suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudice and a racist.
The Chinese network is indeed very infected, which in turn causes the
rest of the world great computerized harm. Nobody disputes this.
The solution of blocking China, however, is one which harms both people
outside of China, as well as those inside of China. Therefore, it
translates into an attack on them.
Looking it this operationally:
1. Functionality
Do you have clients who need to interconnect with China's
networks, or expect people to connect to you from China?
If so, the cost of security by blocking may be unjustifiable.
2. Urgency
If a lot of IP sources attack you from China RIGHT NOW, and you
need immediate mitigation, blocking China short-term may work,
but obviously not as a permanent solution.
As to "getting rid" or "refusing to connect with" networks with
extremely bad reputation, that may be quite acceptable on an individual
bases, but not on the Internet-scale, as things stand right now.
When I facilitated making Atrivo (and others) no longer welcome on the
Internet, it was a brand new move, and it helped change the social
belief of "don't be the Internet's firewall" to "some bad actors
shouldn't be here, but generally don't be the Internet's firewall."
Such social change to encourage new technological and operational
solutions happenes every 2-5 years or so, and I don't expect anything
large enough such as an AS-based reputation system to happen anytime soon.
Also, you should consider that such actions also have direct political
and diplomatic ramifications neither of us understands.
So, for now, I'd say that each of us should make such decisions by our
own risk analysis with the trade-off between costs and benefits in mind,
and only for our own networks.
Aside to that, I know some people in China who work very hard on
security, and do a better job than we do at it. But that does not mean
the situation as it stands now is acceptable.
> IOW, I really don't think the tag had that much to do with it now...
People are just picking on you because they can. I can only share how I
see such Internet discussions.
Cost of doing business, just consider your responses on a level of (time
== money) && what your response would gain for you or the community. If
the answer is nothing, then examine whether you still believe it is
worth it. If yes, just do it. If not, move along.
That is my basic guideline after years of trial by fire.
Also, you will always be misunderstood, be careful in your language, but
not so much that tl;dr. State your case with the obvious exceptions, and
discuss misunderstandings later. As trying to anticipate everything as
an opposite example to just saying what you think would mean people will
just nitpick on one lower-hanging fruit item, or ignore.
Gadi.
>
> T
>
>
>
>> -----Original Message-----
>> From: Gadi Evron [mailto:ge@...uxbox.org]
>> Sent: Thursday, January 14, 2010 6:27 PM
>> To: Thor (Hammer of God)
>> Cc: bugtraq@...urityfocus.com
>> Subject: Re: All China, All The Time
>>
>> On 1/14/10 8:09 AM, Thor (Hammer of God) wrote:
>>> So, apparently my "witty" tag via Google Translate means something I
>> didn't quite mean. Surprise, surprise. Luckily it wasn't something
>> vulgar, (that's what I get for trusting Google Translate and trying to
>> be funny) but what I meant it to say was "If you can read this, don't
>> bother replying because my servers won't get it." However, it seems to
>> mean something like "don't reply because you are not welcome here" or
>> similar. That wasn't my intention, as it seems to infer I actually
>> have something against the Chinese people and not their networks, which
>> I take issue with.
>>>
>>> Sorry for the poorly translated reference.
>>
>> People always try and send me Hebrew using Google Translate... it's
>> usually word for word which means it breaks sentence structure. Then it
>> misses context, translating words with different meanings. Then it
>> completely mistranslates by using the root of the word, or similar,
>> anything it doesn't know.
>>
>> All in all, while it can't be confused with real Hebrew, it is quite
>> clear.
>>
>> Chinese seems a bit (understatement) more complicated, though. Hebrew,
>> while hard to learn at first, is a very easy language when considering
>> most parameters.
>>
>> Gadi.
>>
>>
>> --
>> Gadi Evron,
>> ge@...uxbox.org.
>>
>> Blog: http://gevron.livejournal.com/
>
--
Gadi Evron,
ge@...uxbox.org.
Blog: http://gevron.livejournal.com/
Powered by blists - more mailing lists