The Inquirer-Home

Internet: Blood and sand and buckets of Script Kiddies

McFeelme gets irate
Wednesday, 5 November 2003, 08:36
DAMN SCRIPT KIDDIES. The Internet is a rough and tumble place. Like the old west of the early 1800s, or Manchester on a Saturday night after beating Arsenal. There are laws, or rules to be more exact, but there is no one to enforce them, and for the most part no one cares.

A recent example, which turned out to be much ado about nothing.

I was getting SYN flood errors on my router. At the same time I was getting massive traffic on the activity light on my modem. Didn't know what was going on, but I was getting an IP address from the logs. It varied, but whenever I did a lookup it always came to the same ISP. I figured either someone was going after my system on a pretty regular basis, or I had a Trojan that was sending out spam or some such. I cleaned my system of any spyware and suspected Trojans. 3 different proggies gave me the all clear.

But still the SYN flood errors kept a-coming. From the error logs it looked like my system was trying to call out to someone or something, but that just didn't make sense. So I took the next step. In the IP look-up is the e-mail and phone number of the errant IP. In the past I've tried to contact other people's ISPs, for even more blatant, unscrupulous behaviour. The results have been less than satisfactory.

Usually more is done about the situation after I give one of my walls a stern talking to. But what the hell, got to try something. So I sent off an e-mail to the abuse@ address. After three days I had no reply.

So I tried the phone number.

Of course the abuse number was the same as the number for tech support, administration, accounting and just about everything else. But what the hey. So of course I get a receptionist. After a bit of verbal parrying she sends me off to the abuse department, where I'm put in a phone queue for about ten minutes before getting to voice mail.

That was a week and a half ago, still no call. Kind of like the SMC phone support that shuffles me off to India, and after an hour of troubleshooting the tech literally said, "We've run out of things to do. We'll think about it and call you back." I'm not holding my breath. Suffice it to say the ISP of the errant IP addy has yet to call me back either. And quite frankly, why should they?

This is the whole problem. I pay a certain company for my Internet connectivity. By paying them they have a certain obligation to help me with problems I may have. However, if a customer of another company is doing nasty things to me, what can they do? It's kind of like calling up the manufacturer of my car to complain about the sound of my neighbour's horn, when he owns a car from a different manufacturer. So what you should do is call the company that the dodgy fellow belongs to. And if you do an IP lookup you've got the number. But here's the catch. You're not the one that gives that ISP money every month, he is. So who are they going to give a toss about? You, or the guy paying his monthly Internet bill to them?

Some of the larger ISPs take this more seriously. But the old Telco types, who just provide copper to whomever passes them some silver, don't know and don't care.

In my particular case it was a bit of wonky HTML coding that was causing major calls for information, and my router actually thought I was perpetrating an attack on someone, and shut me down. The result being that my browser would hang while surfing that site. A minor inconvenience, but the experience got me thinking.

So what is one to do? The purpose of this article is to call on the government to resolve the situation, mainly because they are the only ones who can. It's a scary thought, I know, and it's important to make sure they aren't given too much power to do snoopy type things on regular everyday type people.

This is my concept. A central organization made up of sys-admin types (I've heard there's a couple looking for jobs), whose task is to answer complaints, and to assist in tracking down the writers of Trojans and viruses. They should have no ability to initiate investigations, but rather an authoritative power that responds to complaints. Their only power should be over ISPs, possibly levying fines, or instigating reviews of any licensing.

Let's examine a couple of different scenarios.

Example 1: A simple user who is being DoSed, or a university/company that has spotted someone doing a brute force password attack on a user name. The afflicted person does a traceroute or IP lookup. This may not go all the way back to the offending party, but it is a good start. The victim dials 1-800-computerabuse or the equivalent e-mail, passing on all the information they have. This policing body reviews the logs and the IPs and determines if it is legitimate. If not, they reply that it's nothing to worry about, go back to searching for porn. If it turns out to be a legitimate attack then they start to trace the path back, and identify the user. They can contact the ISP, get user information, and work with the ISP to find out if this is just a dupe whose system has been compromised, or a real black hat. If it's a dupe, they can work with them to cleanse their system; if a black hat, either issue a warning (which should scare them) or, if actual illegal activity has happened, call in the local authorities. This is very important. This organization shouldn't have arrest authority, but should call in local law enforcement just as a private citizen could, but with a bit more credibility. If I were to call the Walla Walla, Washington police department and tell Officer Schlumbag that someone in his area was illegally taking over my system and forwarding spam, Officer Schlumbag would say "yeah, sure", and go back to his doughnuts. If a government institution did the same thing, he might actually get off his posterior and do something.

Example 2: A new virus or Trojan has been let loose. CERT and all the usual suspects are on the case, but our hypothetical organization is also getting reports of suspicious activity from a variety of sources, and all of the error logs are very similar. CERT makes a call, and now a large amount of information is combined; experienced IT personnel can examine it for network geography and more easily identify the source. This is a much more damaging, and illegal, situation. Law enforcement personnel can be called in early (before others mutate the code) and the original author can be found more easily.

Obviously such an organization could mutate, and the potential to invade people's privacy is high. So strict regulation would have to be part of the original charter. We don't need another arm of law enforcement; we need an oversight organization, with enough power to make the Telco companies stand up and take notice, but benign enough that users aren't fearful. They should not be allowed any ability to "fix" people's systems, but rather offer advice on how people can fix their own systems, in the case of systems that have been zombied.

In fact, such an organization could create virus-scanning software, with regular updates. I'm sure Norton wouldn't be happy with such a concept, but things have gone well beyond that. Consumer virus checking software has become much too intrusive, updates can't come fast enough, and most virus writers can circumvent them. It has become just another software package. What is needed is a lower level, powerful and sleek package that spends less time letting you know how great Symantec is.

I understand the paranoia that such an organization as the one I propose raises, but I honestly feel that something needs to be done. Hackers, crackers, script kiddies and spammers have gotten well out of hand. To date no legal or technological solutions have had any effect. I mean zero effect, nothing; everything done to date has not even slowed down this type of activity, in fact it has gotten much more troublesome. The only organizations that will have any ability to prevent such activity are going to be governmental, sadly.

Thank you please come again. µ
