IETF Logo Mail Archive

Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Fri, 22 February 2008 12:33 UTC

Return-Path: <rucus-bounces@ietf.org>
X-Original-To: ietfarch-rucus-archive@core3.amsl.com
Delivered-To: ietfarch-rucus-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 522C828C2F0; Fri, 22 Feb 2008 04:33:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.552
X-Spam-Level:
X-Spam-Status: No, score=-0.552 tagged_above=-999 required=5 tests=[AWL=-0.115, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z9voQrCAkggN; Fri, 22 Feb 2008 04:33:46 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 82AF828C30F; Fri, 22 Feb 2008 04:33:46 -0800 (PST)
X-Original-To: rucus@core3.amsl.com
Delivered-To: rucus@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3AD953A6C5F for <rucus@core3.amsl.com>; Fri, 22 Feb 2008 04:33:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D+gPkL9rB4UD for <rucus@core3.amsl.com>; Fri, 22 Feb 2008 04:33:41 -0800 (PST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id E579E3A6C16 for <rucus@ietf.org>; Fri, 22 Feb 2008 04:33:40 -0800 (PST)
Received: (qmail invoked by alias); 22 Feb 2008 12:33:35 -0000
Received: from proxy1-nsn.nsn-inter.net (EHLO [217.115.75.229]) [217.115.75.229] by mail.gmx.net (mp022) with SMTP; 22 Feb 2008 13:33:35 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/YjpMAynbYQiUXFzu6crP/FBcqsvKEp351RrG1kg YV2B5h3CVvknOR
Message-ID: <47BEC12A.1070504@gmx.net>
Date: Fri, 22 Feb 2008 14:33:46 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: Saverio Niccolini <Saverio.Niccolini@nw.neclab.eu>
References: <C3E0C78D.4346A%Quittek@nw.neclab.eu> <3A86FA4E-6D4A-43FE-B380-6676CD4BCD90@voxeo.com> <42B56C6A683EBA4581C01CB49A914CA70E6EA261@MAILFAXSRV.gfimalta.com><909E8DC8-CB3A-478D-995F-94A4B3656D8D@cs.columbia.edu> <47BEAEE3.4040701@gmx.net> <5F6519BF2DE0404D99B7C75607FF76FF53DB88@mx1.office>
In-Reply-To: <5F6519BF2DE0404D99B7C75607FF76FF53DB88@mx1.office>
X-Y-GMX-Trusted: 0
Cc: rucus@ietf.org
Subject: Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter
X-BeenThere: rucus@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Hannes.Tschofenig@gmx.net
List-Id: <rucus.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rucus>
List-Post: <mailto:rucus@ietf.org>
List-Help: <mailto:rucus-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: rucus-bounces@ietf.org
Errors-To: rucus-bounces@ietf.org

I know. These mechanisms are known from the email world and also from XMPP.

But there is a some way to go between today's state of the art, namely 
largely no end-to-end SIP usage to a state where botnets steal your 
identity to bypass white lists.

Ciao
Hannes


Saverio Niccolini wrote:
> Hannes, all,
>
>   
>> I had a chat with Peter Saint-Andre this week and he reported 
>> me about problems they had with malicious users (potentially 
>> using the XMPP servers for file sharing) in their XMPP server 
>> infrastructure. He told me that their community is looking 
>> into a mechanism to allow one domain to report problems to 
>> another domain. This would correspond to Henning's 2nd 
>> category below and a mechanisms similar to the one described 
>> in 
>> http://www.ietf.org/internet-drafts/draft-niccolini-sipping-sp
>>     
> am-feedback-00.txt
>   
>> would be useful (expect that it would not be run between the 
>> end host and the VoIP provider but between two VoIP providers).
>>     
>
> Right, actually this is why we inserted this potential communication
> interface in the SPITSTOP draft, see interface "b" among providers
> in:
> http://tools.ietf.org/html/draft-niccolini-sipping-spitstop-01#page-6
>
> Saverio
>
>
> ============================================================
> Dr. Saverio Niccolini
> Senior Researcher
> NEC Laboratories Europe, Network Research Division	
> Kurfuerstenanlage 36, D-69115 Heidelberg
> Tel.     +49 (0)6221 4342-118
> Fax:     +49 (0)6221 4342-155
> e-mail:  saverio.niccolini@nw.neclab.eu <-- !!! NEW ADDRESS !!!
> ============================================================
> NEC Europe Limited Registered Office: NEC House, 1 Victoria
> Road, London W3 6BL Registered in England 2832014
> _______________________________________________
> Rucus mailing list
> Rucus@ietf.org
> http://www.ietf.org/mailman/listinfo/rucus
>   

_______________________________________________
Rucus mailing list
Rucus@ietf.org
http://www.ietf.org/mailman/listinfo/rucus

v2.23.0 | Report a Bug | By Email