Re: All China, All The Time
> I could only imagine. =A0The other problem is that many people seem to th=
ink I'm saying something against
> the Chinese *people* themselves, based on the "f* you round-eye* messages=
I've received (and they call
> ME racist). =A0They don't seem to get the clear distinction (to me) betwe=
en the Chinese people and China's
> network. =A0It's the machines I'm concerned with the attacks coming from =
those machine. =A0Just because the
> machine is sourced in China doesn't mean the attacker is - so I have to d=
o the best I can to defend against
> the machines. =A0However, that unfortunately comes across to those who ch=
oose not to think it through as me
> saying something against the Chinese themselves.
> Then again, as you well know, people will take any opportunity they can j=
ust to be ugly and confrontational,
> and to have something to rail about. =A0In the face of the reality of Chi=
na's horribly infected network, when I
> suggest blocking that traffic (as many others have and do), they seize th=
e opportunity to call me prejudice
> and a racist.
The following is opinion, not necessarily fact.
I'm not sure how blocking a country's traffic is racist. This would
seem to me that the people saying this believe that only one race
lives in that country. I agree with blocking China's traffic in the
situations where you can do so without negative impact.
The question that China's government should be asking is "Why are
people choosing to use servers located in China to perform these
attacks?". The answer to that question likely has something to do with
consequences. You see, for the most part people are driven by
consequences. If there are bad consequences to performing the attacks
from servers in the U.S. but there aren't any bad consequences to
performing the attacks from servers in China then clearly I would
choose China.
While penalties for "hacking" (why can't anyone use the appropriate
term, cracking?), have become more severe in China, unfortunately
those outside the jurisdiction of China's laws have nothing to worry
about because the Chinese government is not working with other
governments to pursue these people.
The bottom line is that if Antartica's network was flooding my
networks with malware, viruses, attacks, etc., I'd block them too. Now
maybe that makes me racist against Penguins, birds, whales and seal,
but oh well.
Kind regards,
Steven J. Koch
Systems Development Engineer
On Fri, Jan 15, 2010 at 12:15 PM, Gadi Evron <ge@linuxbox.org> wrote:
>
> On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
>>
>> I could only imagine. =A0The other problem is that many people seem to t=
hink I'm saying something against the Chinese *people* themselves, based on=
the "f* you round-eye* messages I've received (and they call ME racist). =
=A0They don't seem to get the clear distinction (to me) between the Chinese=
people and China's network. =A0It's the machines I'm concerned with the at=
tacks coming from those machine. =A0Just because the machine is sourced in =
China doesn't mean the attacker is - so I have to do the best I can to defe=
nd against the machines. =A0However, that unfortunately comes across to tho=
se who choose not to think it through as me saying something against the Ch=
inese themselves.
>>
>> Then again, as you well know, people will take any opportunity they can =
just to be ugly and confrontational, and to have something to rail about. =
=A0In the face of the reality of China's horribly infected network, when I =
suggest blocking that traffic (as many others have and do), they seize the =
opportunity to call me prejudice and a racist.
>
> The Chinese network is indeed very infected, which in turn causes the res=
t of the world great computerized harm. Nobody disputes this.
>
> The solution of blocking China, however, is one which harms both people o=
utside of China, as well as those inside of China. Therefore, it translates=
into an attack on them.
>
> Looking it this operationally:
>
> 1. Functionality
>
> =A0 =A0 =A0 =A0Do you have clients who need to interconnect with China's
> =A0 =A0 =A0 =A0networks, or expect people to connect to you from China?
>
> =A0 =A0 =A0 =A0If so, the cost of security by blocking may be unjustifiab=
le.
>
> 2. Urgency
>
> =A0 =A0 =A0 =A0If a lot of IP sources attack you from China RIGHT NOW, an=
d you
> =A0 =A0 =A0 =A0need immediate mitigation, blocking China short-term may w=
ork,
> =A0 =A0 =A0 =A0but obviously not as a permanent solution.
>
> As to "getting rid" or "refusing to connect with" networks with extremely=
bad reputation, that may be quite acceptable on an individual bases, but n=
ot on the Internet-scale, as things stand right now.
>
> When I facilitated making Atrivo (and others) no longer welcome on the In=
ternet, it was a brand new move, and it helped change the social belief of =
"don't be the Internet's firewall" to "some bad actors shouldn't be here, b=
ut generally don't be the Internet's firewall."
>
> Such social change to encourage new technological and operational solutio=
ns happenes every 2-5 years or so, and I don't expect anything large enough=
such as an AS-based reputation system to happen anytime soon.
>
> Also, you should consider that such actions also have direct political an=
d diplomatic ramifications neither of us understands.
>
> So, for now, I'd say that each of us should make such decisions by our ow=
n risk analysis with the trade-off between costs and benefits in mind, and =
only for our own networks.
>
> Aside to that, I know some people in China who work very hard on security=
, and do a better job than we do at it. But that does not mean the situatio=
n as it stands now is acceptable.
>
>> IOW, I really don't think the tag had that much to do with it now...
>
> People are just picking on you because they can. I can only share how I s=
ee such Internet discussions.
>
> Cost of doing business, just consider your responses on a level of (time =
=3D=3D money) && what your response would gain for you or the community. If=
the answer is nothing, then examine whether you still believe it is worth =
it. If yes, just do it. If not, move along.
>
> That is my basic guideline after years of trial by fire.
>
> Also, you will always be misunderstood, be careful in your language, but =
not so much that tl;dr. State your case with the obvious exceptions, and di=
scuss misunderstandings later. As trying to anticipate everything as an opp=
osite example to just saying what you think would mean people will just nit=
pick on one lower-hanging fruit item, or ignore.
>
> =A0 =A0 =A0 =A0Gadi.
>
>>
>> T
>>
>>
>>
>>> -----Original Message-----
>>> From: Gadi Evron [mailto:ge@linuxbox.org]
>>> Sent: Thursday, January 14, 2010 6:27 PM
>>> To: Thor (Hammer of God)
>>> Cc: bugtraq@securityfocus.com
>>> Subject: Re: All China, All The Time
>>>
>>> On 1/14/10 8:09 AM, Thor (Hammer of God) wrote:
>>>>
>>>> So, apparently my "witty" tag via Google Translate means something I
>>>
>>> didn't quite mean. =A0Surprise, surprise. =A0Luckily it wasn't somethin=
g
>>> vulgar, (that's what I get for trusting Google Translate and trying to
>>> be funny) but what I meant it to say was "If you can read this, don't
>>> bother replying because my servers won't get it." =A0However, it seems =
to
>>> mean something like "don't reply because you are not welcome here" or
>>> similar. =A0That wasn't my intention, as it seems to infer I actually
>>> have something against the Chinese people and not their networks, which
>>> I take issue with.
>>>>
>>>> Sorry for the poorly translated reference.
>>>
>>> People always try and send me Hebrew using Google Translate... it's
>>> usually word for word which means it breaks sentence structure. Then it
>>> misses context, translating words with different meanings. Then it
>>> completely mistranslates by using the root of the word, or similar,
>>> anything it doesn't know.
>>>
>>> All in all, while it can't be confused with real Hebrew, it is quite
>>> clear.
>>>
>>> Chinese seems a bit (understatement) more complicated, though. Hebrew,
>>> while hard to learn at first, is a very easy language when considering
>>> most parameters.
>>>
>>> =A0 =A0 =A0 =A0Gadi.
>>>
>>>
>>> --
>>> Gadi Evron,
>>> ge@linuxbox.org.
>>>
>>> Blog: http://gevron.livejournal.com/
>>
>
>
> --
> Gadi Evron,
> ge@linuxbox.org.
>
> Blog: http://gevron.livejournal.com/
討論串 (同標題文章)
完整討論串 (本文為第 3 之 6 篇):