From: mgargiullo at warpdrive.net (Michael Gargiullo)
Subject: Calcuating Loss

On Wed, 2004-05-12 at 11:56, Schmidt, Michael R. wrote:
> Well one of the biggest issues that allows people to remain anonymous is DHCP.  
I disagree. That's traceable, ask the RIAA or MPAA.

> If everyone on the internet was required to get a static IP address, or to log which IP they were using - using a secure technology then everyone could be tracked, sure a few "super" hackers could still manage to escape detection I am sure, but there is nothing that is the equivalent of a driver's license on the internet.
The Internet is just that, the inter-connection of different networks. 
Each network is owned by someone. If you happen to run a network of 5
computers and have an internet connection, your network is part of the
internet.
> 
> Sure there would still be criminals using stolen credentials, but IPs are handed out based on location or where you dialed in from.

IP addresses are handed out from your ISP.  Once your network is large
enough, you can ask for your own block of IP addresses that your
upstream provider (Internet Provider) will route and announce for you.

>  Dialing in can be traced using caller ID, wireless by IP and base station proximity, so just like today, people would have an alibi for the time and place the criminal used their identity.
Why, are you actively online 24/7? So for the 5 minutes you spend in
the restroom, I can pull up outside, grab a signal from your AP, and
launch the next Bagel.zzz worm, then leave before you're back at your
desk. I used your internet connection to launch it... Your alibi... you
were in the restroom, it couldn't be your fault.  Please. You want to
stop this mess... protect your own network.

> 
> What we need is something that you have to log into (securely) or your DHCP is revoked immediately.

I'll break this down into two parts.  A DHCP address is not revocable.
If your DHCP server gives out 24 hour leases, 12 hours from now, the
computer will check in with the DHCP server.  You may have some luck
then revoking the IP.

>   And of course static IPs are well, static and since they are routed, routes can be logged and therefore trackable.

All IP addresses are routable (Maybe not on the internet), it's how the
client gets the IP address that you've commented on.  Set good policies
on your firewall, and have a lot of storage space for log files.
> 
> So again it is anonymity that causes most of the grief.  
Not entirely.

> If all code had to be signed, then you'd know who wrote it, and running unsigned code would be your own stupid fault.

Are you Steve Ballmer?  Are you talking about Palladium?

So if I write a 5 line perl / C++ / vbs script for some system
administration task, you'd have me spend $$ to have the code signed (By
a recognized CA, like SSL certs) to be able to run and share it.  Ah and
if I just ask people to trust my code and run it...  we're back at
square one.

Do you remember when it wasn't safe to "Trust all content from
Microsoft" yet it was signed by them?

> 
> If you replace a part on some new cars with a non-manufacturers part, you void the warranty. 

Not always, check your warranty.

>  But when you run unsigned downloaded for free or sent through email code on your dell, who do you call and expect to fix it when it stops working?
You do the same thing you do when your car breaks down, take it to
someone who can fix it, and pay them to do it.  There's a whole market
based on this principle.

>   The end user is the moron, we require no test to get on the internet and yet we let more people anonymously sign on the net everyday.

Again, let *Darwinism take its course, and protect yourself.

*Where I work you get 1 shot. You get infected the first time, you get a
warning, after that you get a fine. The way our network is set up, a user
has to work at it to get infected.

<snip>



