Re: CSI New York fake IPv6

[Ina Faye-Lund]

On Sun, Mar 20, 2011 at 06:35:35PM -0400, Patrick W. Gilmore wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> - -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Mar 20, 2011, at 6:29 PM, valdis.kletni...@vt.edu wrote:
> > On Mon, 21 Mar 2011 08:44:50 +1100, Skeeve Stevens said:
> > 
> >> http://www.eintellego.net/public/CSINY.s07e17-fakev6.jpg
> >> 
> >> Promoting IPv6 = Win!
> >> Dodgy Address = Fail!
> > 
> > Intentional Fail, probably, similar to how most phone numbers on a TV show 
> > are
> > in the 555 exchange. You put a number on TV, and drunk idiots will call it, 
> > as
> > a number of annoyed people found out after Tommy Tutone had an actual hit
> > song...  257 seems to be a popular octet value.
> > 
> > (Personally, I'm surprised 148.18.1.193 got used in that image)
> 
> So am I.  But I'm surprised 1918 space was used as well.  ANY v4 address will 
> get typed into ping or a browser or something by someone if it is on TV.  How 
> many corporations have 1918 space that their VPN'ed home users are about to 
> abuse because of that?
> 
> Is 127.0.0.1 / ::1 the Internet version of "555"?  Or will "I hurt myself, so 
> now I'm going to sue you" mean we can't even use that?

I would have used 192.0.2.0/24.  It is the IPv4 version of example.com.

-- 
Ina

Re: ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]

[Ina Faye-Lund]

On Tue, Jun 08, 2010 at 11:14:10PM -0700, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
> 
> 1. Should ISPs be responsible for abuse from within their customer base?

No and no.  The first no being legally, the second, morally.

The user is responsible for the abuse.  Now, if the question had been whether
the ISP should be responsible for dealing with it appropriately, then the
answer would be yes.

Of course, when it comes to the legal aspect, it would probably vary from
country to country.  No, let me rephrase that:  It _does_ vary from country to
country, and probably also state to state.

However, to hold someone else responsible for a person's criminal activity
would be just plain wrong, as long as the ISP's part in the activity is only to
give their customer access to networks and services that every other customer
also gets access to.


> 2. Should hosting providers also be held responsible for customers who abuse
> their services in a criminal manner?

No.  For several reasons.

First, the hosting provider normally does not have too much control over what
the customers actually do.  If someone complains, or they detect something
through audits or similar, that is different.  But even then, there will be
certain problems. 

How does the hosting provider know that something is, in fact, criminal?  In
some cases, that may be obvious, but there will be cases where the case is not
so clear.  If the provider might be held responsible for something their
customers do, they might decide to remove legal content 'just in case'.

Also, who would determine whether something is illegal or not?  Tech support?
The admin?  I doubt that any of those are able to determine something that
courts tend to spend a lot of time and resources on.


> I think anyone in their right mind would agree that if a provider see
> criminal activity, they should take action, no?

Not necessarily.

Again, this would of course depend on the laws in the given state or country.
However, people disagree on what is considered legal or not.  If everyone _had_
agreed on this, the courts would have had less work.

It is the responsibility of the judicial system to determine whether someone is
breaking the law or not.  For commercial companies to start making that sort of
judgements is, at least in my opinion, _not_ a good thing.



-- 
Ina Faye-Lund