lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4B50A2BB.2040907@linuxbox.org>
Date: Fri, 15 Jan 2010 19:15:39 +0200
From: Gadi Evron <ge@...uxbox.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: Re: All China, All The Time

On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
> I could only imagine.  The other problem is that many people seem to think I'm saying something against the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call ME racist).  They don't seem to get the clear distinction (to me) between the Chinese people and China's network.  It's the machines I'm concerned with the attacks coming from those machine.  Just because the machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against the machines.  However, that unfortunately comes across to those who choose not to think it through as me saying something against the Chinese themselves.
>
> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational, and to have something to rail about.  In the face of the reality of China's horribly infected network, when I suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudice and a racist.

The Chinese network is indeed very infected, which in turn causes the 
rest of the world great computerized harm. Nobody disputes this.

The solution of blocking China, however, is one which harms both people 
outside of China, as well as those inside of China. Therefore, it 
translates into an attack on them.

Looking it this operationally:

1. Functionality

	Do you have clients who need to interconnect with China's
	networks, or expect people to connect to you from China?

	If so, the cost of security by blocking may be unjustifiable.

2. Urgency

	If a lot of IP sources attack you from China RIGHT NOW, and you
	need immediate mitigation, blocking China short-term may work,
	but obviously not as a permanent solution.

As to "getting rid" or "refusing to connect with" networks with 
extremely bad reputation, that may be quite acceptable on an individual 
bases, but not on the Internet-scale, as things stand right now.

When I facilitated making Atrivo (and others) no longer welcome on the 
Internet, it was a brand new move, and it helped change the social 
belief of "don't be the Internet's firewall" to "some bad actors 
shouldn't be here, but generally don't be the Internet's firewall."

Such social change to encourage new technological and operational 
solutions happenes every 2-5 years or so, and I don't expect anything 
large enough such as an AS-based reputation system to happen anytime soon.

Also, you should consider that such actions also have direct political 
and diplomatic ramifications neither of us understands.

So, for now, I'd say that each of us should make such decisions by our 
own risk analysis with the trade-off between costs and benefits in mind, 
and only for our own networks.

Aside to that, I know some people in China who work very hard on 
security, and do a better job than we do at it. But that does not mean 
the situation as it stands now is acceptable.

> IOW, I really don't think the tag had that much to do with it now...

People are just picking on you because they can. I can only share how I 
see such Internet discussions.

Cost of doing business, just consider your responses on a level of (time 
== money) && what your response would gain for you or the community. If 
the answer is nothing, then examine whether you still believe it is 
worth it. If yes, just do it. If not, move along.

That is my basic guideline after years of trial by fire.

Also, you will always be misunderstood, be careful in your language, but 
not so much that tl;dr. State your case with the obvious exceptions, and 
discuss misunderstandings later. As trying to anticipate everything as 
an opposite example to just saying what you think would mean people will 
just nitpick on one lower-hanging fruit item, or ignore.

	Gadi.

>
> T
>
>
>
>> -----Original Message-----
>> From: Gadi Evron [mailto:ge@...uxbox.org]
>> Sent: Thursday, January 14, 2010 6:27 PM
>> To: Thor (Hammer of God)
>> Cc: bugtraq@...urityfocus.com
>> Subject: Re: All China, All The Time
>>
>> On 1/14/10 8:09 AM, Thor (Hammer of God) wrote:
>>> So, apparently my "witty" tag via Google Translate means something I
>> didn't quite mean.  Surprise, surprise.  Luckily it wasn't something
>> vulgar, (that's what I get for trusting Google Translate and trying to
>> be funny) but what I meant it to say was "If you can read this, don't
>> bother replying because my servers won't get it."  However, it seems to
>> mean something like "don't reply because you are not welcome here" or
>> similar.  That wasn't my intention, as it seems to infer I actually
>> have something against the Chinese people and not their networks, which
>> I take issue with.
>>>
>>> Sorry for the poorly translated reference.
>>
>> People always try and send me Hebrew using Google Translate... it's
>> usually word for word which means it breaks sentence structure. Then it
>> misses context, translating words with different meanings. Then it
>> completely mistranslates by using the root of the word, or similar,
>> anything it doesn't know.
>>
>> All in all, while it can't be confused with real Hebrew, it is quite
>> clear.
>>
>> Chinese seems a bit (understatement) more complicated, though. Hebrew,
>> while hard to learn at first, is a very easy language when considering
>> most parameters.
>>
>> 	Gadi.
>>
>>
>> --
>> Gadi Evron,
>> ge@...uxbox.org.
>>
>> Blog: http://gevron.livejournal.com/
>


-- 
Gadi Evron,
ge@...uxbox.org.

Blog: http://gevron.livejournal.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ