Readit News logoReadit News

Deleted Comment

johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
Canada · 8 years ago
Think about this...

Take any smart phone. No SIM card. Connect it to someone's wifi network, like a coffee shop. Now you can abuse 911 world wide in a completely untraceable manner.

What can possibly be done to prevent this that won't screw people desperately in need of help? It doesn't matter if your government is responsible for a town of 100 people or a country of 1.2 billion. It can't put an owner to each of the billions of smart phones floating around and that's not going to change any time soon.

johansch · 8 years ago
Not going to answer this because

a) I already answered a very similar question of yours in a separate thread

b) you hijacked a subthread that was particularly talking about the politics involved

johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
Canada · 8 years ago
Your suggestion just isn't realistic when you look at how VoIP systems work in practice. What you usually have are SIP clients talking to SIP servers which then involve a bunch more servers and proxies and a slew of other protocols. SIP traffic from the endpoint and the associated RTP stream could be tunneled, often for very good reason. You can't prevent that with any kind of IP registration scheme because then the client can't roam which defeats the best reason to deploy VoIP in the first place. Providers are routing calls dynamically for reliability and cost reasons. Sometimes when you ask a server to terminate a call it just redirects it elsewhere. Even endpoints can arbitrarily redirect calls.

Ultimately none of the providers involved can know where either end of the call is. We can't even know their IP address for certain, let alone their physical location. What we have for 911 is a form where the customer declares their physical address and a disclaimer warning the customer that should they move then emergency calls will not be routed to the most appropriate call center and the operator will get the wrong address.

There's absolutely nothing we can do to prevent malicious people from abusing it. Any attempt to do so would result in honest users being unable to call for help in emergencies causing far more harm than the abuse we're trying to prevent.

johansch · 8 years ago
You are not going to convince me, or anyone else who understand the tech, that this is a fundamentally unsolvable technical problem, I promise. It all boils down to compromises between regulation vs freedom, etc.

So, I do take issue when you say things like:

> There's absolutely nothing we can do to prevent malicious people from abusing it.

johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
delinka · 8 years ago
The same way telemarketers fake phone numbers. More surprising to me is that the deeper routing data (as in, the real source of the call, which the phone company necessarily has) is not available. I understand that you want to allow anonymous tips, but it would make sense that if the caller ID data is faked (i.e. the purported number's exchange doesn't match the source), then the data should be made immediately available.
johansch · 8 years ago
Seems like a lot of people here really want VOIP to be anonymous/unregistered. You know, so that the nazis can't get you if they seize power. But they also seem loath to acknowledge this desire, particularly in this context.
johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
Turing_Machine · 8 years ago
"Jingoism is an american word."

And fascism is a European one.

The level of overarching government control popular in Europe leads to people being killed by millions, rather than in ones and twos.

"not wanting outsiders telling them how to solve problems they know they should have solved a long time ago by themselves."

Perhaps we don't believe that people who were still running fascist slave states until the 1970s and communist slave states until the 1990s are in any kind of moral position to be lecturing us on our "problems".

johansch · 8 years ago
Somehow, having a well-recorded connection between identity and phone line didn't lead to "fascism" in your past though.
johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
falcolas · 8 years ago
WRT "just get the government to do it" US federal legislation, specifically not that driven by "terrorism" or "protect the children" (and we don't want any legislation under either label) tends to take years to go from initial idea to law. That doesn't count the years which would be added for compliance. Or the charter and formation of the "central authority".

If we started today, we might get such a law in action sometime in the mid-2020's, at which point ISPs would have switched to IPv6 just to avoid the legislation. You know, maybe it would be a good idea after all /s

My "idealism" is probably better called "pessimism", and is based off a couple of decades watching well-meaning legislation be mangled beyond repair by politicians and corporations, at the city level.

People are complicated and irrational. People in politics are even more complicated and seemingly irrational, since even the best politicians have to balance the wants and needs of thousands of people and the businesses who employ those people. Politicians at the federal level are even more complicated, since they have 50 states, a number of territories, and gigantic corporations to consider.

Even influencing a completely honest political group to do what everyone agrees is the right thing takes a significant amount of time, money, and effort. And if we're honest, they aren't all completely devoted to their constituents, and won't agree that it's the right thing to do.

johansch · 8 years ago
Okay, I get that complexity, I think.

But then the question shifts to: maybe your country is too large to govern effectively - if you can't make changes like this quickly, something is wrong, I think.

johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
falcolas · 8 years ago
A policy decision by whom? Specifically, how do you do this when IP spaces are controlled by various unfriendly countries around the world? Politics aside, the required technical coordination would be a nightmare. We can barely handle BGP without conflicts as-is.

IPv4 space is also quite limited, and new devices are popping onto networks all the time. I'm not even sure a IP time window is feasible without a full move to IPv6 - something that policy makers have been trying to push on for years without success.

johansch · 8 years ago
>A policy decision by whom?

By your government?

> Specifically, how do you do this when IP spaces are controlled by various unfriendly countries around the world

You begin a "911-certified program" that requires your local ISPs to register their IP ranges with some central authority. The rest is a bunch of detailed but solvable details.

Your idealism when it comes to making this seem more complicatated that it really is seems misplaced.

johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
toomuchtodo · 8 years ago
"Retarded" seems to be a considered a derogatory slur in these times, which could explain your downvotes.

https://www.google.com/search?q=retarded+slur

johansch · 8 years ago
Thanks, but I somehow get the feeling that it's more about not wanting outsiders telling them how to solve problems they know they should have solved a long time ago by themselves.
johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
falcolas · 8 years ago
There is another story happening in parallel to this where the Police arrested the wrong person based off the IP in use. IPs are just too ephemeral to trust for any form of location data.

Not to mention the caller chose to call a line which would normally not have a lot of need for those protections, in comparison to 911.

johansch · 8 years ago
"IPs are just too ephemeral to trust for any form of location data"

That is just policy decision. It would, for example, be possible to declare that no single IP should be used for more than two customers during a single X hour block.

johansch commented on Serial Swatter Bragged He Hit 100 Schools, 10 Homes   krebsonsecurity.com/2018/... · Posted by u/robin_reala
johansch · 8 years ago
That's extraordinarly retarded.
johansch · 8 years ago
"0 points"

Ah, well, Jingoism is an american word. I guess I just thougt the crowd here could agree that it's retarded to not have a political policy against fake VOIP numbers.

j

u/johansch

KarmaCake day3294March 2, 2012View Original