[nsp-sec] IMPORTANT: DDoS-RS Reminders

Tim Wilde twilde at cymru.com
Tue Dec 14 11:53:44 EST 2010


On 12/14/2010 2:06 AM, SURFcert - Peter wrote:
> I understand your reluctance. I might even think the people behind these
> servers explicitly invited everybody, including critics, to discuss on
> these servers to try to give them a sense of legitimacy. But I have to
> take into consideration the kind of constituency we have. These are
> mostly students that might be in favor of WikiLeaks but at the same time
> are very opposed to a DDoS as a means to show that favoritism. They want
> to make that clear to the Anonymous operators and the only way is
> through these IRC servers.

Peter,

I also understand your position.  This is one of those cases where the
BGP feed of the DDoS-RS fails but the text feed shines.  I can say with
confidence that a "grep -v anonops" of the DDoS-RS text feed will remove
all of the Anonymous Operators servers from that list, as, to the best
of my knowledge, they all identified themselves with various *anonops*
names, which shows up in the ID that is included in the feed.  That
method of using the DDoS-RS will allow you to make your own decisions
about those particular hosts.

I want to make clear that neither I nor Team Cymru as a whole will pass
judgment on anyone because of their choices about whether or not to use
the DDoS-RS, in whole or in part.  We provide the information and all we
ask is that you make responsible use of it, as it makes sense in your
own network and circumstances.  We believe these listings are in line
with our previously stated policies, but certainly understand that this
is a complex situation, so it may lead to changes in the way people use
and understand the feeds.  As long as you (plural) understand our
motivations and reasoning, and as long as we maintain the transparency
of operation we strive for, we feel we have succeeded, regardless of how
the information is used.

> One last thing to consider: Discussing illegal actions is in itself not
> (yet) illegal. Especially not if you try to convert the people wanting
> to perform illegal actions into legal actions.

I understand and agree here as well; I did not mean to state or imply
that just discussing the attacks was necessarily illegal.  I think Wes
makes some good points in his follow-up as well; this is clearly a
difficult area.

One more point I'd like to make: while the AnonOps IRC servers may in
fact be the most direct way to reach the Anonymous Operators, I would
argue they're by far not the only way to reach them.  The Internet is,
after all, in many ways a broadcast medium; I think it's fair to assume
that a discussion in a broader public forum, particularly in the realms
it's been made clear that these folks inhabit, could pretty easily be
assumed to reach the Anonymous Operators, and those who are supporting
them.  Whether or not it will change their minds is another question
entirely, but that's the same there or on IRC.

Best regards,
Tim

-- 
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/