Re: [Asrg] Point of information...
Barry Shein <bzs@world.std.com> Fri, 20 June 2003 23:34 UTC
On June 20, 2003 at 18:10 research@solidmatrix.com (Yakov Shafranovich) wrote:
> So your bottom line is that the spam problem is based on "how spammers
> amplify their distribution channels while keeping costs nearly at zero."

I propose that if that is removed (or seriously diminished) the problem will become mostly inconsequential and can then be dealt with more in the manner of "consenting communications" via various methods, mostly MUA, routinely mentioned here.

> Legally pursuing spammers is not something we can affect or do in this
> group. But what we CAN do, is look at these aspects closer and see if any
> technical solutions are possible.
>
> There are several approaches that have been mentioned that might have
> relevance to this. First of all, making sure email is not untraceable allows
> for LEA to catch the spammers. This would involve either changing SMTP,
> implementing C/R, or some other system that would allow for traceability.
> Domain names being owned by spammers is a problem too. Solutions must be
> made to deal with that as well. Foreign ISPs, allowing for spam are also a
> problem. And as you have mentioned many times before computers infected
> with viruses and other similar junk are a problem as well, although I do
> not see any possible solutions for that as well, not even any avenues of
> research.

Many years ago I had a professor who ran an 800-student lecture like a discussion group taking questions at any time. His only admonition, when a hand went up, would be ``are you SURE the other 799 people in the room are interested in what you are about to ask? Or can it wait until after class?''

It worked pretty well.

On that note, I won't try to address your telling us of your personal inability to think of any possible solutions...[or]...avenues of research...

Let's start easy.

We've seen various blacklists. I consider them a mostly bad idea, perhaps of some use to individuals, but it's something we should all be familiar with.

Some of the more notorious black lists actively scanned the net with software for systems which fit their notion of "open relays" and would add these to the net as a hazard.

Now, would it be possible to scan similarly for systems infected with Jeem or one of the other spammer slave bugs?

What would we do with that information? That's probably not necessary to answer, unless someone doubts anything good could be done. But, for example, inform the owner, an ISP might quarantine or mail rate-limit a known infected computer until it's fixed, block it entirely (from mail, from everything), etc.

Also, could these viruses be used as honeypots to gather information about who is using them for both evidence and to just get those perps shut down and/or blocked?

Anyhow, this all starts with whether it's possible to write a piece of software which begins to scan the net for infected systems?

I don't know enough about these specific viruses right now to answer that question: Do they use hard to guess passwords? Do they give failure indications on use of a bad passwd which identifies the infection, or listen on a specific port, etc?

Maybe we should also issue an RFC that simply says that the days of computer, including personal and desktop computer, operating systems being vulnerable to viruses (within some problem definition) should have been over years ago via widely distributed and well-known techniques utilized in highly successful and comparable operating systems software.

As such, any operating system which does not meet a minimum standard of being viral resistant (obviously some detail is needed here) and is connected to the internet is non-conformant to RFC XYZZY or however that's usually worded and is a potential hazard to the net at large.

For the love of money, XP and Windows/ME (and all earlier MS windows) are both vulnerable to Jeem, sobig.a, and Proxy-Guzu, some of the more cited viruses used in this sort of spamming.

And, in all cases, according to Symantec's database:

    Systems Not Affected: Macintosh, OS/2, UNIX, Linux

I rest my case.

I think we know who's handing out the free whiskey and loaded shotguns in the bad part of town.

Make them stop doing that.

-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com         | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202      | Login: 617-739-WRLD
The World              | Public Access Internet   | Since 1989     *oo*