Re: [Asrg] Countering Botnets to Reduce Spam

Chris Lewis <> Sat, 15 December 2012 03:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EF09F21F86A5 for <>; Fri, 14 Dec 2012 19:23:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.378
X-Spam-Status: No, score=0.378 tagged_above=-999 required=5 tests=[AWL=-0.433, BAYES_20=-0.74, FH_RELAY_NODNS=1.451, RDNS_NONE=0.1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ibDXFbgOSDkZ for <>; Fri, 14 Dec 2012 19:23:30 -0800 (PST)
Received: from (unknown []) by (Postfix) with ESMTP id 5A91721F866E for <>; Fri, 14 Dec 2012 19:23:30 -0800 (PST)
Received: from [] ( []) (authenticated bits=0) by (8.14.4/8.14.4/Debian-2ubuntu2) with ESMTP id qBF3NT0R005789 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT) for <>; Fri, 14 Dec 2012 22:23:29 -0500
Message-ID: <>
Date: Fri, 14 Dec 2012 22:23:29 -0500
From: Chris Lewis <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv: Gecko/20090812 Thunderbird/ Mnenhy/
MIME-Version: 1.0
References: <20121215011734.54813.qmail@joyce.lan>
In-Reply-To: <20121215011734.54813.qmail@joyce.lan>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] Countering Botnets to Reduce Spam
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 15 Dec 2012 03:23:31 -0000

On 12-12-14 08:17 PM, John Levine wrote:

> Other than the magic term P2P, what does this provide above what
> packages like Tripwire do now?  Any particular distribution of Linux
> is installed from a known set of masters, where the files have known
> checksums.  The checksums are not large, and are not a big deal to
> retrieve.  What does P2P add?  Random other Linux boxes are certainly
> not more likely to have a set of good checksums than, say, an https
> server run by a well known distribution organization.

I _suppose_ it might make it a bit more feasible to obtain checksums of
random code that isn't necessarily in sync with a Linux dist.

In many hosting environments, there can be literally as many versions
of, say, Wordpress, as there are customers.  The admins steadily patch
the basic O/S, but often they won't touch the customer's images for fear
of breaking them.

Or virtualized systems.  Just imagine how many different O/S images
there are on a cloud.  Eg: Amazon expects the customer to do their _own_

I really don't think the idea would work in the end of the industry
(cloud, multi-host platforms) that need it most.