Re: [Asrg] In case anyone thought Barry was exaggerating

Yakov Shafranovich <research@solidmatrix.com> Tue, 01 July 2003 17:48 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08488 for <asrg-archive@odin.ietf.org>; Tue, 1 Jul 2003 13:48:26 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5RIZM010313 for asrg-archive@odin.ietf.org; Fri, 27 Jun 2003 14:35:22 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Vy3z-0002fS-6L for asrg-web-archive@optimus.ietf.org; Fri, 27 Jun 2003 14:35:11 -0400
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11216; Fri, 27 Jun 2003 14:35:07 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Vy3E-0001xU-9o; Fri, 27 Jun 2003 14:34:24 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VvpP-0007OL-MU for asrg@optimus.ietf.org; Fri, 27 Jun 2003 12:11:59 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05828 for <Asrg@ietf.org>; Fri, 27 Jun 2003 12:11:56 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19VvpO-0004EG-00 for Asrg@ietf.org; Fri, 27 Jun 2003 12:11:58 -0400
Received: from 000-256-240.area7.spcsdns.net ([68.27.240.209] helo=68.27.240.209 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19VvpC-0004E7-00 for Asrg@ietf.org; Fri, 27 Jun 2003 12:11:47 -0400
Message-Id: <5.2.0.9.2.20030627120912.00babb10@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: Barry Shein <bzs@world.std.com>
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] In case anyone thought Barry was exaggerating
Cc: Kee Hinckley <nazgul@somewhere.com>, Asrg@ietf.org
In-Reply-To: <16123.43091.763213.273289@world.std.com>
References: <5.2.0.9.2.20030626205937.00b3e2e8@std5.imagineis.com> <5.2.0.9.2.20030626111203.00b4eb68@std5.imagineis.com> <p0600171cbb20a2f759ad@[192.168.1.104]> <5.2.0.9.2.20030626205937.00b3e2e8@std5.imagineis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Fri, 27 Jun 2003 12:11:25 -0400

At 10:13 PM 6/26/2003 -0400, Barry Shein wrote:


>On June 26, 2003 at 21:04 research@solidmatrix.com (Yakov Shafranovich) wrote:
>  > In your opinion, isn't spam considering a specific case of a network 
> abuse
>  > problem? Why is the spam problem any different from lets say a BBS user
>  > dialing in every moment and giving all other BBS users a busy signal. OR
>  > lets say in a shared-Unix system, a user grabbing too much disk space
>  > leaving not much for anyone else.
>
>Scope.
>
>Ringing your phone over and over is annoying as hell.
>
>Ringing every phone in the city over and over is evidence of a massive
>security breach.
>
>Any idiot can ring one (or a few) phones over and over.
>
>But once someone has acquired the technological savvy to ring millions
>of phones and no one can stop them we're in a whole different ball
>park.
>
>Telling people to unhook the bell on their phone (boy I must be old to
>even think of that) doesn't quite address the latter issue.

Then according to you, how is spam different from a DDOS attack were 
thousands of computers start spewing packets? If both problems are similar, 
then perhaps we need to look into what methods are currently in place to 
block DDOS attacks and we can reuse the same methods here for spam.


>  > In both cases,  there were mechanisms in place to catch the wrongdoers 
> and
>  > enforce the rules. The problem with the Internet is as many people have
>  > mentioned, is that it is an open system, written by people no expecting
>  > abuse - by people who trusted each user on the network to do the right
>  > thing. As far as I understand you, what you and Eric Brunner are 
> trying to
>  > bring to everyone's attention, is the need for similar controls on the
>  > Internet so massive network abuse can be detected early and stopped.
>
>I think we need to begin to recognize the problem for what it actually
>is. A massive security breach which no doubt violates many extent laws
>and not just some obnoxious behavior which needs to be curbed by
>smartening things up a little.



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg