Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Fri, 22 February 2008 12:29 UTC
Return-Path: <rucus-bounces@ietf.org>
X-Original-To: ietfarch-rucus-archive@core3.amsl.com
Delivered-To: ietfarch-rucus-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6BCB728C340; Fri, 22 Feb 2008 04:29:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.358
X-Spam-Level:
X-Spam-Status: No, score=-0.358 tagged_above=-999 required=5 tests=[AWL=-0.313, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, SARE_UNSUB30=0.351, SARE_UNSUB30B=0.041]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2CoIv95fAWW3; Fri, 22 Feb 2008 04:29:45 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C539328C2FF; Fri, 22 Feb 2008 04:29:45 -0800 (PST)
X-Original-To: rucus@core3.amsl.com
Delivered-To: rucus@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CCE4828C315 for <rucus@core3.amsl.com>; Fri, 22 Feb 2008 04:29:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7UfUq18PJjFV for <rucus@core3.amsl.com>; Fri, 22 Feb 2008 04:29:43 -0800 (PST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 3CFE928C2FF for <rucus@ietf.org>; Fri, 22 Feb 2008 04:29:42 -0800 (PST)
Received: (qmail invoked by alias); 22 Feb 2008 12:29:37 -0000
Received: from proxy1-nsn.nsn-inter.net (EHLO [217.115.75.229]) [217.115.75.229] by mail.gmx.net (mp046) with SMTP; 22 Feb 2008 13:29:37 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/z4cYahAbzzeRkY/QSn7tVPTJHRQ9MsDdYAXyP0U u+MrknHLojEOEw
Message-ID: <47BEC03A.8070009@gmx.net>
Date: Fri, 22 Feb 2008 14:29:46 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: "Fischer, Kai" <kai.fischer@siemens.com>
References: <C3E0C78D.4346A%Quittek@nw.neclab.eu> <3A86FA4E-6D4A-43FE-B380-6676CD4BCD90@voxeo.com> <42B56C6A683EBA4581C01CB49A914CA70E6EA261@MAILFAXSRV.gfimalta.com><909E8DC8-CB3A-478D-995F-94A4B3656D8D@cs.columbia.edu><47BEAEE3.4040701@gmx.net><113091BD57179D4491C19DA7E10CD69601B5639F@mx1.office> <47BEB721.8040305@gmx.net> <198A10EC585EC74687BCA414E2A5971802093DFC@MCHP7RDA.ww002.siemens.net>
In-Reply-To: <198A10EC585EC74687BCA414E2A5971802093DFC@MCHP7RDA.ww002.siemens.net>
X-Y-GMX-Trusted: 0
Cc: rucus@ietf.org, Jan Seedorf <Jan.Seedorf@nw.neclab.eu>, Juergen Quittek <Quittek@nw.neclab.eu>
Subject: Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter
X-BeenThere: rucus@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Hannes.Tschofenig@gmx.net
List-Id: <rucus.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rucus>
List-Post: <mailto:rucus@ietf.org>
List-Help: <mailto:rucus-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: rucus-bounces@ietf.org
Errors-To: rucus-bounces@ietf.org
Hi Kai, Fischer, Kai wrote: >> Let's take an example: >> When Henning's host is compromised and a bot is using >> Henning's account >> to send me spam then I would contact Henning (by using >> various ways) to >> tell him that something is wrong with his PC/phone/etc. I >> would not tell >> my VoIP provider that there is something wrong with Henning's >> account. >> Typically, this will lead to more problems rather than less >> -- such as >> no communication to Columbia University anymore because my >> VoIP provider >> just blocks all calls from that domain. >> >> (Just to reflect my experience with email problems in the company....) >> > > I don't assume that the sender of spam usually is a person I personally > know and whom I want to contact directly (still more personal > disturbance and effort). Applying very restrictive white lists allowing > only personal known people to contact me may be yes, but I expect that > this is not usual scenario (I have no email white list). > > The spammer is not known; however, for the case we are considering here the account of someone from your buddy list is being used for spamming. If you are spamming me then I would obviously get in touch with you and ask you what you want. It is true that you have no email white list -- this is, however, a drawback for email that we don't need to repeat again. Consider Instant Messaging, for example, many people us a mixture between white lists and black lists. Very common today! For the PSTN there are obviously no white lists either Ciao Hannes > >> -----Original Message----- >> From: spitstop-bounces@listserv.netlab.nec.de >> [mailto:spitstop-bounces@listserv.netlab.nec.de] On Behalf Of >> Hannes Tschofenig >> Sent: Freitag, 22. Februar 2008 12:51 >> To: Jan Seedorf >> Cc: Brian Azzopardi; rucus@ietf.org; Signaling TO Prevent >> SPIT; Juergen Quittek >> Subject: Re: [spitstop] [Rucus] Botnets, take 2... Re: Draft >> RUCUS charter >> >> Hi Jan, >> >> >> Jan Seedorf wrote: >> >>> Dear Hannes, >>> >>> >>> >>>> I think we should put Henning's classification somewhere in >>>> our documents. >>>> >>>> >>> I also like Henning's classification because it narrows >>> >> down where the problem with botnets regarding SPIT is. >> >>> >>> >>>>> - Uses credentials, spams addresses in addressbook: >>>>> >>>>> >>>> whitelists don't >>>> >>>> >>>>> help, but at least the sender can be identified and >>>>> >>>>> >>>> fixed/fined/taken >>>> >>>> >>>>> offline. >>>>> >>>>> >>> I fully agree: this is the problem and the "compromised >>> >> identity" then needs to be identified and blocked. One >> question then is, how can we share the identification of a >> not-trustworthy identity (as perceived by end-users or >> domains) among SIP-entities/domains. One building block I see >> here clearly is >> >> http://www.ietf.org/internet-drafts/draft-niccolini-sipping-sp >> > am-feedback-00.txt > >>> >>> >> Let's take an example: >> When Henning's host is compromised and a bot is using >> Henning's account >> to send me spam then I would contact Henning (by using >> various ways) to >> tell him that something is wrong with his PC/phone/etc. I >> would not tell >> my VoIP provider that there is something wrong with Henning's >> account. >> Typically, this will lead to more problems rather than less >> -- such as >> no communication to Columbia University anymore because my >> VoIP provider >> just blocks all calls from that domain. >> >> (Just to reflect my experience with email problems in the company....) >> >> >>> for giving users the possibility to indicate that some >>> >> identity may not be trustworthy anymore (e.g., because it got >> compromised in the sense Henning describes above). Additionally, >> >>> http://tools.ietf.org/html/draft-wing-sipping-spam-score-01 >>> and >>> >>> >> http://www.ietf.org/internet-drafts/draft-seedorf-sipping-spam >> > -score-semantics-00.txt > >>> offer a solution for signalling such information between >>> >> entities. Note that in the semantics draft we tried to point >> the importance of having a precise meaning associated with a >> SPIT score. >> >>> >>> >> I haven't read draft-seedorf-sipping-spam-score-semantics-00.txt yet. >> Comments later. >> >> >> Ciao >> Hannes >> >> >>> - Jan >>> >>> >>> >>>> -----Original Message----- >>>> From: spitstop-bounces@listserv.netlab.nec.de >>>> [mailto:spitstop-bounces@listserv.netlab.nec.de] On Behalf Of >>>> Hannes Tschofenig >>>> Sent: Friday, February 22, 2008 12:16 PM >>>> To: Signaling TO Prevent SPIT >>>> Cc: Brian Azzopardi; rucus@ietf.org; Juergen Quittek >>>> Subject: Re: [spitstop] [Rucus] Botnets, take 2... Re: Draft >>>> RUCUS charter >>>> >>>> I think we should put Henning's classification somewhere in >>>> our documents. >>>> >>>> I had a chat with Peter Saint-Andre this week and he reported >>>> me about problems they had with malicious users (potentially >>>> using the XMPP servers for file sharing) in their XMPP server >>>> infrastructure. He told me that their community is looking >>>> into a mechanism to allow one domain to report problems to >>>> another domain. This would correspond to Henning's 2nd >>>> category below and a mechanisms similar to the one described >>>> in >>>> http://www.ietf.org/internet-drafts/draft-niccolini-sipping-sp >>>> am-feedback-00.txt >>>> would be useful (expect that it would not be run between the >>>> end host and the VoIP provider but between two VoIP providers). >>>> >>>> Ciao >>>> Hannes >>>> >>>> PS: I put Peter on CC in case I misunderstood something. >>>> >>>> Henning Schulzrinne wrote: >>>> >>>> >>>>> There are three sub-cases of bot nets: >>>>> >>>>> - Just uses host, without credentials: identity-based >>>>> >> whitelisting >> >>>>> works (subject to the usual problems with whitelisting) >>>>> >>>>> - Uses credentials, but spews randomly: unlikely that the >>>>> >> recipient >> >>>>> will have that person in their whitelist, so still manageable. >>>>> >>>>> - Uses credentials, spams addresses in addressbook: >>>>> >>>>> >>>> whitelists don't >>>> >>>> >>>>> help, but at least the sender can be identified and >>>>> >>>>> >>>> fixed/fined/taken >>>> >>>> >>>>> offline. >>>>> >>>>> I'm not trying to downplay bot nets, just that this is a bit more >>>>> nuanced. >>>>> >>>>> Henning >>>>> >>>>> On Feb 20, 2008, at 3:37 AM, Brian Azzopardi wrote: >>>>> >>>>> >>>>> >>>>> >>>>>> Dan, >>>>>> >>>>>> I am afraid that we may have to hit the ground running. >>>>>> >>>>>> >>>> Email spam is >>>> >>>> >>>>>> already a big industry with well established operators. >>>>>> >>>>>> >>>> Spewing out >>>> >>>> >>>>>> SPIT instead of email spam is just another 'product' for them. >>>>>> Only amateur SPITers will use spitter and other such tools - the >>>>>> professional ones already have the infrastructure in place >>>>>> >>>>>> >>>> and they'd >>>> >>>> >>>>>> be irrational not to reuse it for SPIT - they will just short- >>>>>> circuit to your step 5. We do need to think deeply about >>>>>> >>>>>> >>>> botnets - >>>> >>>> >>>>>> they are the principal means of sending spam and have >>>>>> >> been for at >> >>>>>> least the last 2 years. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Brian Azzopardi - Senior Business Analyst GFI Software - >>>>>> >>>>>> >>>> www.gfi.com >>>> >>>> >>>>>> From: rucus-bounces@ietf.org [mailto:rucus-bounces@ietf.org] On >>>>>> Behalf Of Dan York >>>>>> Sent: 19 February 2008 21:24 >>>>>> To: Juergen Quittek >>>>>> Cc: rucus@ietf.org; Signaling TO Prevent SPIT >>>>>> Subject: [Rucus] Botnets, take 2... Re: Draft RUCUS charter >>>>>> >>>>>> Juergen (and Saverio and others), >>>>>> >>>>>> I appreciate the point you are raising here. My interest and >>>>>> passion are in networking, communication and security. To me, >>>>>> botnets are both incredibly fascinating and incredibly >>>>>> >>>>>> >>>> terrifying. >>>> >>>> >>>>>> I agree with you that botnets very certainly may be the biggest >>>>>> source of SIP spam in the future. >>>>>> >>>>>> Here's my problem: >>>>>> >>>>>> We have to crawl before we can walk and before we can run. >>>>>> >>>>>> Let's say that this is the (incredibly simplistic view of the) >>>>>> evolution of email spam: >>>>>> >>>>>> 1. Someone figures out that they can send advertisements >>>>>> >>>>>> >>>> to a range >>>> >>>> >>>>>> of email addresses they have collected. >>>>>> 2. Someone realizes that they can add those addresses to a >>>>>> >>>>>> >>>> "mailing >>>> >>>> >>>>>> list" to easily send to a large number of addresses. >>>>>> 3. Tools are developed that automate the collection of >>>>>> >>>>>> >>>> addresses and >>>> >>>> >>>>>> the sending out of messages. >>>>>> 4. At a certain time, there are enough people using email >>>>>> >>>>>> >>>> out there >>>> >>>> >>>>>> that this whole area of email advertising is a huge financial >>>>>> marketplace. Companies/entities set up server farms to >>>>>> >>>>>> >>>> just send out >>>> >>>> >>>>>> tons of email messages. (Defenders blacklist those servers.) >>>>>> 5. Those "servers" get distributed into massive botnets >>>>>> >>>>>> >>>> and are then >>>> >>>> >>>>>> able to avoid blacklisting, etc. >>>>>> >>>>>> I have absolutely no doubt that SIP spam will >>>>>> >>>>>> >>>> unfortunately follow >>>> >>>> >>>>>> the exact same trajectory. We're already seeing the tools to >>>>>> automate SPIT (here's one: >>>>>> >>>>>> >>>> http://www.hackingvoip.com/tools/spitter.tar.gz >>>> >>>> >>>>>> ). At some point we will hit my #4 when there are >>>>>> >> enough people >> >>>>>> using SIP *with publicly accessible SIP addresses* that it >>>>>> >>>>>> >>>> becomes >>>> >>>> >>>>>> financially lucrative enough for the larger automation >>>>>> >> to occur - >> >>>>>> and following on the heels of that will be the botnets. >>>>>> >> It will >> >>>>>> happen. To me it's not a question of IF but rather WHEN. >>>>>> >>>>>> Right now, though, we're still in my steps 1-3 as people >>>>>> >> start to >> >>>>>> get SIP endpoints and realize how they can abuse them. >>>>>> >>>>>> My concern about adding the focus on botnets into RUCUS is >>>>>> >>>>>> >>>> the fact >>>> >>>> >>>>>> that we can easily get distracted into looking at how to solve >>>>>> bigger issues and not get done the smaller issues that we can >>>>>> perhaps address today. >>>>>> >>>>>> Let's face it, probably all of us on this list would be >>>>>> >>>>>> >>>> categorized >>>> >>>> >>>>>> as early adopters who like to explore cutting edge >>>>>> >>>>>> >>>> technologies. We >>>> >>>> >>>>>> like to chase bright shiny objects and what is new and sexy and >>>>>> interesting. Let's say that you have a choice at the next >>>>>> >>>>>> >>>> IETF to >>>> >>>> >>>>>> listen to either: >>>>>> 1. a presentation on a SIP header to pass a "spam score" value >>>>>> between a SIP proxy and a UA; or >>>>>> 2. a presentation about SIP botnets, how they are >>>>>> >> constructed and >> >>>>>> the threats they pose. >>>>>> I would expect that probably 90% of us would choose the >>>>>> >>>>>> >>>> botnet talk. >>>> >>>> >>>>>> (No disrespect intended to the spam-score folks, just using an >>>>>> example.) The reality, though, is that the spam score >>>>>> >> discussion >> >>>>>> might be far more useful in moving us toward solutions >>>>>> >> that will >> >>>>>> help us with the people abusing SIP systems today. I >>>>>> >>>>>> >>>> don't want to >>>> >>>> >>>>>> wake up some day and find out that while we've been having >>>>>> >>>>>> >>>> a ton of >>>> >>>> >>>>>> discussions about botnets, some idiot meanwhile is repeatedly >>>>>> connecting to my SIP server and pumping our voicemail >>>>>> >>>>>> >>>> system full of >>>> >>>> >>>>>> SPIT. >>>>>> >>>>>> Maybe it's crazy on my part, but I want to see RUCUS have >>>>>> >>>>>> >>>> a charter >>>> >>>> >>>>>> that results in an achievable plan and architecture. >>>>>> >>>>>> Yes, we should consider botnets as a potential source of >>>>>> >> SIP spam >> >>>>>> and, yes, the potential existence of SIP botnets should be >>>>>> >>>>>> >>>> included >>>> >>>> >>>>>> in our thinking about an architecture to address SIP spam >>>>>> >>>>>> >>>> (so that >>>> >>>> >>>>>> any architecture we come up with does not discount dealing with >>>>>> botnets). But I also think we need to stay focused on >>>>>> >>>>>> >>>> what we can >>>> >>>> >>>>>> do now about the threats that are out there today (before >>>>>> >>>>>> >>>> it's too >>>> >>>> >>>>>> late). Let's crawl first, then walk, then run. >>>>>> >>>>>> My 2 cents, >>>>>> Dan >>>>>> >>>>>> On Feb 19, 2008, at 11:51 AM, Juergen Quittek wrote: >>>>>> Today, most of the spam email comes from bot-nets and recently >>>>>> email spammers started to send massively from compromized >>>>>> valid email accounts. I do not see why this would not become >>>>>> also the biggest source of SIP spam in the future. >>>>>> >>>>>> Consequently, we should address this issue when developing an >>>>>> architecture for reducing SIP spam in the RUCUS WG. The >>>>>> architecture should be general enough for covering also means >>>>>> that reduce SIP spam from bot nets and compromized accounts >>>>>> >>>>>> Whether or not to work on this problem is being discussed >>>>>> highly controversially in the IETF. But considering that the >>>>>> RUCUS BoF is targeted at establishing not a regular working >>>>>> group, but an RFC 5111 Exploratory Group, I do not think it >>>>>> would be appropriate to exclude such work from the beginning. >>>>>> >>>>>> It should rather be part of the exploratory work to find out >>>>>> whether or not reducing SIP spam from bot nets is a target >>>>>> worth to be attacked by the IETF. >>>>>> >>>>>> -- >>>>>> Dan York, CISSP, Director of Emerging Communication Technology >>>>>> Office of the CTO Voxeo Corporation dyork@voxeo.com >>>>>> Phone: +1-407-455-5859 Skype: danyork http://www.voxeo.com >>>>>> Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com >>>>>> >>>>>> Bring your web applications to the phone. >>>>>> Find out how at http://evolution.voxeo.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> DISCLAIMER >>>>>> The information contained in this electronic mail may be >>>>>> confidential or legally privileged. It is for the intended >>>>>> recipient(s) only. Should you receive this message in >>>>>> >>>>>> >>>> error, please >>>> >>>> >>>>>> notify the sender by replying to this mail. Unless >>>>>> >>>>>> >>>> expressly stated, >>>> >>>> >>>>>> opinions in this message are those of the individual >>>>>> >>>>>> >>>> sender and not >>>> >>>> >>>>>> of GFI. Unauthorized use of the contents is strictly >>>>>> >> prohibited. >> >>>>>> While all care has been taken, GFI is not responsible for the >>>>>> integrity of the contents of this electronic mail and any >>>>>> attachments included within. >>>>>> >>>>>> This mail was checked for viruses by GFI MailSecurity. GFI also >>>>>> develops anti-spam software (GFI MailEssentials), a fax >>>>>> >>>>>> >>>> server (GFI >>>> >>>> >>>>>> FAXmaker), and network security and management software (GFI >>>>>> LANguard) - www.gfi.com >>>>>> >>>>>> _______________________________________________ >>>>>> Rucus mailing list >>>>>> Rucus@ietf.org >>>>>> http://www.ietf.org/mailman/listinfo/rucus >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> spitstop mailing list >>>>> spitstop@listserv.netlab.nec.de >>>>> https://listserv.netlab.nec.de/mailman/listinfo/spitstop >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> spitstop mailing list >>>> spitstop@listserv.netlab.nec.de >>>> https://listserv.netlab.nec.de/mailman/listinfo/spitstop >>>> >>>> >>>> >> _______________________________________________ >> spitstop mailing list >> spitstop@listserv.netlab.nec.de >> https://listserv.netlab.nec.de/mailman/listinfo/spitstop >> >> _______________________________________________ Rucus mailing list Rucus@ietf.org http://www.ietf.org/mailman/listinfo/rucus
- [Rucus] Draft RUCUS charter Juergen Quittek
- Re: [Rucus] Draft RUCUS charter Hannes Tschofenig
- Re: [Rucus] Draft RUCUS charter Saverio Niccolini
- [Rucus] Botnets, take 2... Re: Draft RUCUS charter Dan York
- Re: [Rucus] Draft RUCUS charter Hannes Tschofenig
- Re: [Rucus] Draft RUCUS charter Juergen Quittek
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Brian Azzopardi
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Fischer, Kai
- Re: [Rucus] Draft RUCUS charter Martin Stiemerling
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Henning Schulzrinne
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Dan York
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Otmar Lendl
- [Rucus] EG vs WG - Re: [spitstop] Botnets, take 2… Dan York
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Dan Wing
- Re: [Rucus] Draft RUCUS charter Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] Botnets, take 2... Re: Draft RUCUS ch… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Jan Seedorf
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Fischer, Kai
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Peter Saint-Andre
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Fischer, Kai
- [Rucus] Let's ONLY send to RUCUS now, please! (an… Dan York
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Peter Saint-Andre
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Hannes Tschofenig
- Re: [Rucus] EG vs WG - Re: [spitstop] Botnets, ta… Dan York
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Charzinski, Joachim (NSN - DE/Muenich)
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Henning Schulzrinne
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Jan Seedorf
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Saverio Niccolini
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Otmar Lendl
- Re: [Rucus] [spitstop] Botnets, take 2... Re: Dra… Hannes Tschofenig