Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter

"Saverio Niccolini" <Saverio.Niccolini@nw.neclab.eu> Fri, 22 February 2008 12:19 UTC

Date: Fri, 22 Feb 2008 13:19:15 +0100
From: Saverio Niccolini <Saverio.Niccolini@nw.neclab.eu>
To: rucus@ietf.org, Signaling TO Prevent SPIT <spitstop@listserv.netlab.nec.de>
Subject: Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter

Hannes, all,

> Let's take an example:
> When Henning's host is compromised and a bot is using 
> Henning's account to send me spam then I would contact 
> Henning (by using various ways) to tell him that something is 
> wrong with his PC/phone/etc. I would not tell my VoIP 
> provider that there is something wrong with Henning's account. 
> Typically, this will lead to more problems rather than less 
> -- such as no communication to Columbia University anymore 
> because my VoIP provider just blocks all calls from that domain.
> 
> (Just to reflect my experience with email problems in the company....)

You do not contact Henning directly to tell him that something
is wrong. You have to rely on your infrastructure to take the
necessary countermeasures, otherwise it is anarchy...

That is why exchanging reputation of identities (as perceived by
end-users or domains) is an important building block.
Such a reputation system (one of the points of RFC 5039) can be built
using mechanisms like feedback:
http://tools.ietf.org/html/draft-niccolini-sipping-spam-feedback-00
and spam scores:
http://tools.ietf.org/html/draft-wing-sipping-spam-score-01
Of course there are privacy issues that apply (but this is
a problem of reputation systems as well) :-)

It seems this list is converging to the point we have tried to raise
since 2006; I should be happy :-)

Saverio

============================================================
Dr. Saverio Niccolini
Senior Researcher
NEC Laboratories Europe, Network Research Division	
Kurfuerstenanlage 36, D-69115 Heidelberg
Tel.     +49 (0)6221 4342-118
Fax:     +49 (0)6221 4342-155
e-mail:  saverio.niccolini@nw.neclab.eu <-- !!! NEW ADDRESS !!!
============================================================
NEC Europe Limited Registered Office: NEC House, 1 Victoria
Road, London W3 6BL Registered in England 2832014
 