[Imc] IMC Tech notes 7-24-02

Paul Riismandel p-riism at ntx1.cso.uiuc.edu
Thu Jul 25 00:06:33 UTC 2002


imc-tech meeting 7-24-02

present: orion, mike l, travis, paul, brian, john, dan l.

topic at hand: ip logging.

Paul explains what's happened. Mike has been tracking a guy who's been
spamming the Newswire, and on Monday he made 72 posts and apparently was
able to turn off the ability to comment on a post.  Upon hearing this on
Tuesday Zach worried that the spammer might be hacking our website, possibly
causing much bigger problems and asked Paul R., Mike L., and Sascha over
e-mail if it might be right to turn on logging.  Eventually they thought it
was necessary, and compatible with the IMC's Website Abuse policy
(http://www.ucimc.org/abuse_policy.php3).  After starting logging, Zach sent
a notice to the IMC list.

Brian's concern is that the IP logging apparently happened before the
message to the IMC was made; he would like people to have some warning to
know they shouldn't post if they don't want their IP logged. Mike thinks it
was meant to be simultaneous.

Mike's concern about the e-mail list is because it looks like our phantom
spammer is reading our e-mail lists.  Brian's concern is that there was no
warning; why does it have to be clandestine? There was no notification that
there was a potential threat prior to notice of the logging.  Brian is not
concerned about the IP logging itself, only that there was an information
gap itself about there being a problem in the first place. 

Zach appears, explains that he took action because it seemed like the
comments posting had been compromised.  Thus a major service of our site may
have been disabled.  It's unclear if commenting on all posts is disabled now
or just for some.  We are logging IPs to see if there is someone hacking our
system, and may be launching other types of attacks.  There is the fear that
they've found a vulnerability, are looking for a vulnerability, or doing
multiple attacks.  By logging IPs  we can correlate different activity -- is
the same computer making certain requests to our website software and also
trying to log on.  

Zach thinks it's probably not a big threat, but the possibility is severe
enough that he thinks he'd like to catch them in the act. 

Paul K posted something to the Newswire that indicated dissatisfaction with
the release of information on what's going on.  Zach understands that,
though the post on the Newswire means it's no longer secret.

Mike is convinced that this spammer is reading our e-mail list because of
comments he's made on the Newswire and comments that he's posted.  This
stuff started 9 AM Monday morning until 9 AM Tuesday morning -- in that time
we were flooded with 72 posts.  

Zach brings up that regardless of ideals and philosophy, the system
administrator can track people and violate privacy in many ways without
logging IP.  What this means is that a lot of trust is placed in the System
admin -- to change this would mean to change the nature of Unix, the server
operating system.  He suggests that this means we need to educate  people
about their privacy on-line and how they can protect themselves.

As a system admin it makes Zach uncomfortable to not log IPs, since when we
are attacked, we have no way to track it unless we turn on the logging and
we are attacked again.  

Dan notes that the real question is who are we more afraid of, the FBI
subpoenaing our server logs or hackers?  The FBI already has Carnivore, and
wiretapping tech, which means they can do lots of things without our logs. 


