First I would like to say I do not condone John's actions, but I do
sympathise. The road to (internet) hell is paved with good intentions.
I regard emails as small compared to files. You can send far more emails,
and annoy far more people, through email spamming than through
FTP relay and with far less cost. It is feasible to do email spamming from
dial but impractical to FTP relay (and of course dial is time based so less
of an issue). Since dial is so vulnerable (how many use a firewall?) then
it is a much bigger risk for spamming.
How dangerous are 'experienced people'? Hmm, the best way to describe
this problem is the age old question:
Q. Who is more dangerous, a wise man or a fool?
A. The wise man because no one trusts a fool with anything important
(except possibly running a country).
I can't remember the exact scenario of the FTP relay, but a real life
example was where two experts set up access for some testing, then walked away
thinking each other had closed the access. Through carelessness, human
error, 'cowboy' practices or simply bad luck it is possible for experts to
make really expensive mistakes.
I know of one case where a computer technician put cards in the wrong way
and $50,000 later we got the computer back working. Maybe he was thinking
about his holiday, or his baby kept him awake the night before, but otherwise
he was good at his job and considered experienced.
regards,
P
NB: I think extortion would be more accurate than blackmail, although I
prefer to think John had good intentions.
----- Original Message -----
From: "Steve" <steve@focb.iconz.co.nz>
To: <adsl@lists.unixathome.org>
Sent: Thursday, June 20, 2002 1:37 PM
Subject: Re: Your Jetstream/ADSL connection is NOT secure
> At 13:00 20/06/2002 +1200, Picanmix wrote:
> >[snip]
> >Of course the problem is not just JetStream based. While
> >people with dialup will not get high usage, they are leaving their
> >machine exposed and could still be set up as a relay. I think dial is probably
> >a bigger problem simply because there are more of them (and emails
> >are small)
>
> "emails are small" ?
>
> >I am sympathetic to John. While port scanning was not 'polite' I don't
> >think anyone would have paid attention without it.
>
> And lets all wait till amendment 6 comes along..
>
> Port Scanning is Port Scanning, Spam is Spam, the intentions behind don't
> change the facts. If the AUP of his ISP says "Don't port scan!" then he
> should have at LEAST contacted his ISP to discuss the issues and find out
> if they would relax their AUP in this case.
>
> Simply because a Spammer sends me marketing drivel and tags at the end of
> it that it's not unsolicited because I somewhere, somehow asked for it
> does not change the simple fact that it is still Spam.
>
> >The person I saw with FTP relay had deliberately opened up their FTP port
> >on their modem but forgotten to close it when finished, and had left a
> >default password on their FTP server. And they were relatively experienced!
>
> um.. hang on, they opened up an ftp server, put an easily guessable
> password in place and had the server set up such that it would allow
> relaying? hmm.. experienced.. I think not, grasshopper.
>
> >Notifying the ISPs may have helped, but without the port scan I suspect
> >most would have ignored it. Again Telecom would be in a similar position
> >but I don't think Telecom has an easy way to contact all their customers
> >(they usually go through the media or the ISPs)
>
> And what do you base this on? Almost every ISP I know of would have taken
> a notification like this and scanned their user DSL blocks, some would even
> have put filters in place to prevent this from being probed from the
> internet wild. I know I myself regularly scan all our netblocks for
> customers running open mail relays. I know when we have other security
> issues brought to our attention then we are in a position to act and tend
> to do so rather promptly, even if it is to simply send a mailout to all the
> DSL based customers informing them to check their system settings.
>
> An ISP is in a position to do this as the user is already an existing
> customer, some sparmy IHUG customer sending this to our customer base is
> not appreciated and would be treated the same as any other SPAM message I
> get through my systems if found.
>
> Oh.. and so much for not going to the media for 7 days or so.. I guess the
> entire blackmail thing didn't stick then.. hmm.. ain't blackmail illegal
> under NZ law?
>
> --
> Steve.
--
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@lists.unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Thu Jun 20 14:34:10 2002