Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter

"Saverio Niccolini" <Saverio.Niccolini@nw.neclab.eu> Fri, 22 February 2008 18:23 UTC

> > You do not contact Henning directly to tell him that something is
> > wrong. You have to rely on your infrastructure to take the necessary
> > countermeasures otherwise it is the anarchy...
> >
> Why wouldn't I contact him directly?

-1- you are saying that if people in the world receive 1.000.000 spam
calls then they should generate an equal number of calls to let the
other people know? I am sure there are more intelligent things to do
than that...
-2- have you ever heard of reflection attacks when reading about DoS?
What if the purpose of the compromised account is not only to deliver
you a telemarketing call but also to move people to bring down
Henning's phone by calling him back?

I hope these two are enough to understand that what you 
suggest is in principle NOT the solution...

> > That is why exchanging reputation of identities (as perceived by 
> > end-users or domains) is an important building block.
> > Such reputation system (one of the points of RFC 5039) can be built 
> > using mechanisms like feedbacks:
> > http://tools.ietf.org/html/draft-niccolini-sipping-spam-feedback-00
> > and spam scores:
> > http://tools.ietf.org/html/draft-wing-sipping-spam-score-01
> > of course there are privacy issues that apply (but this is a problem
> > of reputation systems as well) :-)
> >
> There is a long way to go between a global reputation system 
> and the drafts you mention above.

I thought we are talking about the general architecture and its
building blocks... Those are building blocks that belong to the
general architecture. The way is long and if we wait until it is
too late there will be no end to the road, better start now then...

> > It seems this list is converging to the point we tried to raise since
> > 2006, I should be happy :-)
> >
> Nobody is saying that these mechanisms do not exist on paper. 
> They just have a quite challenging deployment story and the 
> protocol issue is the least problematic thing to worry about: 
> it is the trust relationships you have to establish between 
> the VoIP providers. If you think about a model similar to
> email then you will have a hard time to establish such an 
> infrastructure.

Are you saying that a model with white lists for calls would be
more acceptable then? That my mother (even if she learnt how to use
the PC since I am living abroad just to stay in contact with me)
would configure her white list and switch its authorization policies
every time she wants to be contacted by unknown people?
Are you aware of how many people nowadays do not use presence
indicators properly? (even skilled people)

I would say my mother would rely on the provider to filter the
very bad calls on her behalf (using some sort of spam score and
reputation system) and if she receives a spam call every now and then
she would be able to press a button on her phone for "spam feedback".

And of course, she has some authorization policies (but not the one:
receive call only from white list...)

That is why the "white list" concept is not enough without the
"black list" concept, and I think it would be nonsense for RUCUS
to focus only on "white list" and related architecture
(remember that reputation is both "white" and "black"...)

Saverio

> 
> Ciao
> Hannes
> 


============================================================
Dr. Saverio Niccolini
Senior Researcher
NEC Laboratories Europe, Network Research Division	
Kurfuerstenanlage 36, D-69115 Heidelberg
Tel.     +49 (0)6221 4342-118
Fax:     +49 (0)6221 4342-155
e-mail:  saverio.niccolini@nw.neclab.eu <-- !!! NEW ADDRESS !!!
============================================================
NEC Europe Limited Registered Office: NEC House, 1 Victoria
Road, London W3 6BL Registered in England 2832014