Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Fri, 22 February 2008 12:30 UTC
Return-Path: <rucus-bounces@ietf.org>
X-Original-To: ietfarch-rucus-archive@core3.amsl.com
Delivered-To: ietfarch-rucus-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DE5828C34E; Fri, 22 Feb 2008 04:30:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.356
X-Spam-Level:
X-Spam-Status: No, score=-0.356 tagged_above=-999 required=5 tests=[AWL=-0.311, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, SARE_UNSUB30=0.351, SARE_UNSUB30B=0.041]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRe-TpSwGYmi; Fri, 22 Feb 2008 04:30:05 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F192328C340; Fri, 22 Feb 2008 04:30:04 -0800 (PST)
X-Original-To: rucus@core3.amsl.com
Delivered-To: rucus@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 148CD28C340 for <rucus@core3.amsl.com>; Fri, 22 Feb 2008 04:30:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wJZMrBgh72Vd for <rucus@core3.amsl.com>; Fri, 22 Feb 2008 04:30:01 -0800 (PST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 7FBAC28C315 for <rucus@ietf.org>; Fri, 22 Feb 2008 04:30:00 -0800 (PST)
Received: (qmail invoked by alias); 22 Feb 2008 12:29:55 -0000
Received: from proxy1-nsn.nsn-inter.net (EHLO [217.115.75.229]) [217.115.75.229] by mail.gmx.net (mp036) with SMTP; 22 Feb 2008 13:29:55 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/KnuQZPkvK1lJeXGYC7nK+ioDDOO/T9ucM11/Y07 4200lOSxiwCBc0
Message-ID: <47BEC04D.8040505@gmx.net>
Date: Fri, 22 Feb 2008 14:30:05 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: Jan Seedorf <Jan.Seedorf@nw.neclab.eu>
References: <C3E0C78D.4346A%Quittek@nw.neclab.eu> <3A86FA4E-6D4A-43FE-B380-6676CD4BCD90@voxeo.com> <42B56C6A683EBA4581C01CB49A914CA70E6EA261@MAILFAXSRV.gfimalta.com><909E8DC8-CB3A-478D-995F-94A4B3656D8D@cs.columbia.edu> <47BEAEE3.4040701@gmx.net> <113091BD57179D4491C19DA7E10CD69601B5639F@mx1.office> <47BEB721.8040305@gmx.net> <113091BD57179D4491C19DA7E10CD69601B563A8@mx1.office>
In-Reply-To: <113091BD57179D4491C19DA7E10CD69601B563A8@mx1.office>
X-Y-GMX-Trusted: 0
Cc: rucus BoF <rucus@ietf.org>
Subject: Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter
X-BeenThere: rucus@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Hannes.Tschofenig@gmx.net
List-Id: <rucus.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rucus>
List-Post: <mailto:rucus@ietf.org>
List-Help: <mailto:rucus-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: rucus-bounces@ietf.org
Errors-To: rucus-bounces@ietf.org
Hi Jan, Jan Seedorf wrote: > Hi Hannes, > > >> Let's take an example: >> When Henning's host is compromised and a bot is using >> Henning's account to send me spam then I would contact >> Henning (by using various ways) to tell him that something is >> wrong with his PC/phone/etc. I would not tell my VoIP >> provider that there is something wrong with Henning's account. >> Typically, this will lead to more problems rather than less >> -- such as no communication to Columbia University anymore >> because my VoIP provider just blocks all calls from that domain. >> >> (Just to reflect my experience with email problems in the company....) >> > I understand these problems. And we need to discuss them. My point was just that with respect to "but at least the sender can be identified and fixed/fined/taken offline" the spam-feedback draft is a building block. You are suggesting that when a user presses a "this was SPIT" button, this does not trigger a message to the provider of the callee but instead an offline (e.g., email) message to the caller saying "hey, I received SPIT from your account, do something!". That is another way of using the feedback-mechanism, and quite interesting I would say. > > I fully agree that "automatic" and "aggressive" blocking as today in the e-mail world is a probelm we need to consider. > > The usage case of the SPIT reporting between the end host and the VoIP provider is not for Henning's case " - Uses credentials, spams addresses in addressbook: whitelists don't help, but at least the sender can be identified and fixed/fined/taken offline. " I don't want folks in my buddy list to get fined; I want to tell them that they have a problem with their PC. I don't need a protocol to tell them that. However, I see it being useful for reporting SPIT between providers in case of the following category: " - Uses credentials, but spews randomly: unlikely that the recipient will have that person in their whitelist, so still manageable. " and in the case where someone does not use a white list then he can obviously report something to it's VoIP provider when he does not know that person. Ciao Hannes > - Jan > > >> -----Original Message----- >> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@gmx.net] >> Sent: Friday, February 22, 2008 12:51 PM >> To: Jan Seedorf >> Cc: Signaling TO Prevent SPIT; Brian Azzopardi; >> rucus@ietf.org; Juergen Quittek >> Subject: Re: [spitstop] [Rucus] Botnets, take 2... Re: Draft >> RUCUS charter >> >> Hi Jan, >> >> >> Jan Seedorf wrote: >> >>> Dear Hannes, >>> >>> >>> >>>> I think we should put Henning's classification somewhere in our >>>> documents. >>>> >>>> >>> I also like Henning's classification because it narrows >>> >> down where the problem with botnets regarding SPIT is. >> >>> >>> >>>>> - Uses credentials, spams addresses in addressbook: >>>>> >>>>> >>>> whitelists don't >>>> >>>> >>>>> help, but at least the sender can be identified and >>>>> >>>>> >>>> fixed/fined/taken >>>> >>>> >>>>> offline. >>>>> >>>>> >>> I fully agree: this is the problem and the "compromised >>> >> identity" then >> >>> needs to be identified and blocked. One question then is, >>> >> how can we >> >>> share the identification of a not-trustworthy identity (as >>> >> perceived >> >>> by end-users or domains) among SIP-entities/domains. One building >>> block I see here clearly is >>> >>> >> http://www.ietf.org/internet-drafts/draft-niccolini-sipping-spam-feedb >> >>> ack-00.txt >>> >>> >> Let's take an example: >> When Henning's host is compromised and a bot is using >> Henning's account to send me spam then I would contact >> Henning (by using various ways) to tell him that something is >> wrong with his PC/phone/etc. I would not tell my VoIP >> provider that there is something wrong with Henning's account. >> Typically, this will lead to more problems rather than less >> -- such as no communication to Columbia University anymore >> because my VoIP provider just blocks all calls from that domain. >> >> (Just to reflect my experience with email problems in the company....) >> >> >>> for giving users the possibility to indicate that some identity may >>> not be trustworthy anymore (e.g., because it got compromised in the >>> sense Henning describes above). Additionally, >>> http://tools.ietf.org/html/draft-wing-sipping-spam-score-01 >>> and >>> >>> >> http://www.ietf.org/internet-drafts/draft-seedorf-sipping-spam-score-s >> >>> emantics-00.txt offer a solution for signalling such information >>> between entities. Note that in the semantics draft we tried >>> >> to point the importance of having a precise meaning >> associated with a SPIT score. >> >>> >>> >> I haven't read draft-seedorf-sipping-spam-score-semantics-00.txt yet. >> Comments later. >> >> >> Ciao >> Hannes >> >> >>> - Jan >>> >>> >>> >>>> -----Original Message----- >>>> From: spitstop-bounces@listserv.netlab.nec.de >>>> [mailto:spitstop-bounces@listserv.netlab.nec.de] On Behalf >>>> >> Of Hannes >> >>>> Tschofenig >>>> Sent: Friday, February 22, 2008 12:16 PM >>>> To: Signaling TO Prevent SPIT >>>> Cc: Brian Azzopardi; rucus@ietf.org; Juergen Quittek >>>> Subject: Re: [spitstop] [Rucus] Botnets, take 2... Re: Draft RUCUS >>>> charter >>>> >>>> I think we should put Henning's classification somewhere in our >>>> documents. >>>> >>>> I had a chat with Peter Saint-Andre this week and he reported me >>>> about problems they had with malicious users (potentially >>>> >> using the >> >>>> XMPP servers for file sharing) in their XMPP server >>>> >> infrastructure. >> >>>> He told me that their community is looking into a >>>> >> mechanism to allow >> >>>> one domain to report problems to another domain. This would >>>> correspond to Henning's 2nd category below and a >>>> >> mechanisms similar >> >>>> to the one described in >>>> http://www.ietf.org/internet-drafts/draft-niccolini-sipping-sp >>>> am-feedback-00.txt >>>> would be useful (expect that it would not be run between >>>> >> the end host >> >>>> and the VoIP provider but between two VoIP providers). >>>> >>>> Ciao >>>> Hannes >>>> >>>> PS: I put Peter on CC in case I misunderstood something. >>>> >>>> Henning Schulzrinne wrote: >>>> >>>> >>>>> There are three sub-cases of bot nets: >>>>> >>>>> - Just uses host, without credentials: identity-based >>>>> >> whitelisting >> >>>>> works (subject to the usual problems with whitelisting) >>>>> >>>>> - Uses credentials, but spews randomly: unlikely that the >>>>> >> recipient >> >>>>> will have that person in their whitelist, so still manageable. >>>>> >>>>> - Uses credentials, spams addresses in addressbook: >>>>> >>>>> >>>> whitelists don't >>>> >>>> >>>>> help, but at least the sender can be identified and >>>>> >>>>> >>>> fixed/fined/taken >>>> >>>> >>>>> offline. >>>>> >>>>> I'm not trying to downplay bot nets, just that this is a bit more >>>>> nuanced. >>>>> >>>>> Henning >>>>> >>>>> On Feb 20, 2008, at 3:37 AM, Brian Azzopardi wrote: >>>>> >>>>> >>>>> >>>>> >>>>>> Dan, >>>>>> >>>>>> I am afraid that we may have to hit the ground running. >>>>>> >>>>>> >>>> Email spam is >>>> >>>> >>>>>> already a big industry with well established operators. >>>>>> >>>>>> >>>> Spewing out >>>> >>>> >>>>>> SPIT instead of email spam is just another 'product' for them. >>>>>> Only amateur SPITers will use spitter and other such tools - the >>>>>> professional ones already have the infrastructure in place >>>>>> >>>>>> >>>> and they'd >>>> >>>> >>>>>> be irrational not to reuse it for SPIT - they will just short- >>>>>> circuit to your step 5. We do need to think deeply about >>>>>> >>>>>> >>>> botnets - >>>> >>>> >>>>>> they are the principal means of sending spam and have >>>>>> >> been for at >> >>>>>> least the last 2 years. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Brian Azzopardi - Senior Business Analyst GFI Software - >>>>>> >>>>>> >>>> www.gfi.com >>>> >>>> >>>>>> From: rucus-bounces@ietf.org [mailto:rucus-bounces@ietf.org] On >>>>>> Behalf Of Dan York >>>>>> Sent: 19 February 2008 21:24 >>>>>> To: Juergen Quittek >>>>>> Cc: rucus@ietf.org; Signaling TO Prevent SPIT >>>>>> Subject: [Rucus] Botnets, take 2... Re: Draft RUCUS charter >>>>>> >>>>>> Juergen (and Saverio and others), >>>>>> >>>>>> I appreciate the point you are raising here. My interest and >>>>>> passion are in networking, communication and security. To me, >>>>>> botnets are both incredibly fascinating and incredibly >>>>>> >>>>>> >>>> terrifying. >>>> >>>> >>>>>> I agree with you that botnets very certainly may be the biggest >>>>>> source of SIP spam in the future. >>>>>> >>>>>> Here's my problem: >>>>>> >>>>>> We have to crawl before we can walk and before we can run. >>>>>> >>>>>> Let's say that this is the (incredibly simplistic view of the) >>>>>> evolution of email spam: >>>>>> >>>>>> 1. Someone figures out that they can send advertisements >>>>>> >>>>>> >>>> to a range >>>> >>>> >>>>>> of email addresses they have collected. >>>>>> 2. Someone realizes that they can add those addresses to a >>>>>> >>>>>> >>>> "mailing >>>> >>>> >>>>>> list" to easily send to a large number of addresses. >>>>>> 3. Tools are developed that automate the collection of >>>>>> >>>>>> >>>> addresses and >>>> >>>> >>>>>> the sending out of messages. >>>>>> 4. At a certain time, there are enough people using email >>>>>> >>>>>> >>>> out there >>>> >>>> >>>>>> that this whole area of email advertising is a huge financial >>>>>> marketplace. Companies/entities set up server farms to >>>>>> >>>>>> >>>> just send out >>>> >>>> >>>>>> tons of email messages. (Defenders blacklist those servers.) 5. >>>>>> Those "servers" get distributed into massive botnets >>>>>> >>>>>> >>>> and are then >>>> >>>> >>>>>> able to avoid blacklisting, etc. >>>>>> >>>>>> I have absolutely no doubt that SIP spam will >>>>>> >>>>>> >>>> unfortunately follow >>>> >>>> >>>>>> the exact same trajectory. We're already seeing the tools to >>>>>> automate SPIT (here's one: >>>>>> >>>>>> >>>> http://www.hackingvoip.com/tools/spitter.tar.gz >>>> >>>> >>>>>> ). At some point we will hit my #4 when there are >>>>>> >> enough people >> >>>>>> using SIP *with publicly accessible SIP addresses* that it >>>>>> >>>>>> >>>> becomes >>>> >>>> >>>>>> financially lucrative enough for the larger automation >>>>>> >> to occur - >> >>>>>> and following on the heels of that will be the botnets. It will >>>>>> happen. To me it's not a question of IF but rather WHEN. >>>>>> >>>>>> Right now, though, we're still in my steps 1-3 as people >>>>>> >> start to >> >>>>>> get SIP endpoints and realize how they can abuse them. >>>>>> >>>>>> My concern about adding the focus on botnets into RUCUS is >>>>>> >>>>>> >>>> the fact >>>> >>>> >>>>>> that we can easily get distracted into looking at how to solve >>>>>> bigger issues and not get done the smaller issues that we can >>>>>> perhaps address today. >>>>>> >>>>>> Let's face it, probably all of us on this list would be >>>>>> >>>>>> >>>> categorized >>>> >>>> >>>>>> as early adopters who like to explore cutting edge >>>>>> >>>>>> >>>> technologies. We >>>> >>>> >>>>>> like to chase bright shiny objects and what is new and sexy and >>>>>> interesting. Let's say that you have a choice at the next >>>>>> >>>>>> >>>> IETF to >>>> >>>> >>>>>> listen to either: >>>>>> 1. a presentation on a SIP header to pass a "spam score" value >>>>>> between a SIP proxy and a UA; or 2. a presentation about SIP >>>>>> botnets, how they are constructed and the threats they pose. >>>>>> I would expect that probably 90% of us would choose the >>>>>> >>>>>> >>>> botnet talk. >>>> >>>> >>>>>> (No disrespect intended to the spam-score folks, just using an >>>>>> example.) The reality, though, is that the spam score discussion >>>>>> might be far more useful in moving us toward solutions that will >>>>>> help us with the people abusing SIP systems today. I >>>>>> >>>>>> >>>> don't want to >>>> >>>> >>>>>> wake up some day and find out that while we've been having >>>>>> >>>>>> >>>> a ton of >>>> >>>> >>>>>> discussions about botnets, some idiot meanwhile is repeatedly >>>>>> connecting to my SIP server and pumping our voicemail >>>>>> >>>>>> >>>> system full of >>>> >>>> >>>>>> SPIT. >>>>>> >>>>>> Maybe it's crazy on my part, but I want to see RUCUS have >>>>>> >>>>>> >>>> a charter >>>> >>>> >>>>>> that results in an achievable plan and architecture. >>>>>> >>>>>> Yes, we should consider botnets as a potential source of >>>>>> >> SIP spam >> >>>>>> and, yes, the potential existence of SIP botnets should be >>>>>> >>>>>> >>>> included >>>> >>>> >>>>>> in our thinking about an architecture to address SIP spam >>>>>> >>>>>> >>>> (so that >>>> >>>> >>>>>> any architecture we come up with does not discount dealing with >>>>>> botnets). But I also think we need to stay focused on >>>>>> >>>>>> >>>> what we can >>>> >>>> >>>>>> do now about the threats that are out there today (before >>>>>> >>>>>> >>>> it's too >>>> >>>> >>>>>> late). Let's crawl first, then walk, then run. >>>>>> >>>>>> My 2 cents, >>>>>> Dan >>>>>> >>>>>> On Feb 19, 2008, at 11:51 AM, Juergen Quittek wrote: >>>>>> Today, most of the spam email comes from bot-nets and recently >>>>>> email spammers started to send massively from compromized valid >>>>>> email accounts. I do not see why this would not become also the >>>>>> biggest source of SIP spam in the future. >>>>>> >>>>>> Consequently, we should address this issue when developing an >>>>>> architecture for reducing SIP spam in the RUCUS WG. The >>>>>> architecture should be general enough for covering also >>>>>> >> means that >> >>>>>> reduce SIP spam from bot nets and compromized accounts >>>>>> >>>>>> Whether or not to work on this problem is being discussed highly >>>>>> controversially in the IETF. But considering that the >>>>>> >> RUCUS BoF is >> >>>>>> targeted at establishing not a regular working group, but an RFC >>>>>> 5111 Exploratory Group, I do not think it would be >>>>>> >> appropriate to >> >>>>>> exclude such work from the beginning. >>>>>> >>>>>> It should rather be part of the exploratory work to find out >>>>>> whether or not reducing SIP spam from bot nets is a >>>>>> >> target worth to >> >>>>>> be attacked by the IETF. >>>>>> >>>>>> -- >>>>>> Dan York, CISSP, Director of Emerging Communication Technology >>>>>> Office of the CTO Voxeo Corporation dyork@voxeo.com >>>>>> Phone: +1-407-455-5859 Skype: danyork http://www.voxeo.com >>>>>> Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com >>>>>> >>>>>> Bring your web applications to the phone. >>>>>> Find out how at http://evolution.voxeo.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> DISCLAIMER >>>>>> The information contained in this electronic mail may be >>>>>> confidential or legally privileged. It is for the intended >>>>>> recipient(s) only. Should you receive this message in >>>>>> >>>>>> >>>> error, please >>>> >>>> >>>>>> notify the sender by replying to this mail. Unless >>>>>> >>>>>> >>>> expressly stated, >>>> >>>> >>>>>> opinions in this message are those of the individual >>>>>> >>>>>> >>>> sender and not >>>> >>>> >>>>>> of GFI. Unauthorized use of the contents is strictly >>>>>> >> prohibited. >> >>>>>> While all care has been taken, GFI is not responsible for the >>>>>> integrity of the contents of this electronic mail and any >>>>>> attachments included within. >>>>>> >>>>>> This mail was checked for viruses by GFI MailSecurity. GFI also >>>>>> develops anti-spam software (GFI MailEssentials), a fax >>>>>> >>>>>> >>>> server (GFI >>>> >>>> >>>>>> FAXmaker), and network security and management software (GFI >>>>>> LANguard) - www.gfi.com >>>>>> >>>>>> _______________________________________________ >>>>>> Rucus mailing list >>>>>> Rucus@ietf.org >>>>>> http://www.ietf.org/mailman/listinfo/rucus >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> spitstop mailing list >>>>> spitstop@listserv.netlab.nec.de >>>>> https://listserv.netlab.nec.de/mailman/listinfo/spitstop >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> spitstop mailing list >>>> spitstop@listserv.netlab.nec.de >>>> https://listserv.netlab.nec.de/mailman/listinfo/spitstop >>>> >>>> >>>> >> _______________________________________________ Rucus mailing list Rucus@ietf.org http://www.ietf.org/mailman/listinfo/rucus
- [Rucus] Draft RUCUS charter Juergen Quittek
- Re: [Rucus] Draft RUCUS charter Hannes Tschofenig
- Re: [Rucus] Draft RUCUS charter Saverio Niccolini
- [Rucus] Botnets, take 2... Re: Draft RUCUS charter Dan York
- Re: [Rucus] Draft RUCUS charter Hannes Tschofenig
- Re: [Rucus] Draft RUCUS charter Juergen Quittek
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Brian Azzopardi
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Fischer, Kai
- Re: [Rucus] Draft RUCUS charter Martin Stiemerling
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Henning Schulzrinne
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Dan York
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Otmar Lendl
- [Rucus] EG vs WG - Re: [spitstop] Botnets, take 2… Dan York
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Dan Wing
- Re: [Rucus] Draft RUCUS charter Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Jan Seedorf
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Fischer, Kai
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Peter Saint-Andre
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Fischer, Kai
- [Rucus] Let's ONLY send to RUCUS now, please! (an… Dan York
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Peter Saint-Andre
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Hannes Tschofenig
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Dan York
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Charzinski, Joachim (NSN - DE/Muenich)
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Henning Schulzrinne
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Jan Seedorf
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig