RE: pros and cons of RMX (Re: [Asrg] Declaration to the world)
-----Original Message-----
>From: Chris Lewis [mailto:clewis@nortelnetworks.com]
>Sent: Thursday, March 06, 2003 1:06 PM
>To: ietf anti-spam research group
>wayne wrote:
>>>A) RMX is broken, due to reliance on DNS
>> Even with the birthday paradox attack, the spammer will have to send
>> out hundreds of forged DNS packets in order to have a good chance of
>> getting a bogus entry into the target's DNS cache. This is both very
>> detectable and it also greatly increases the amount of work that a
>> spammer has to do.
>I've not been following this in great detail, but I'd like to comment on
>this point. It's worse than that. It has to trick every recipient.
Yes, it does have to trick every recipient, once. Then it's cached and
all future sends are free. Also, since the timing is predictable this
attack is easy to carry out.
>It's rather like true IP spoofing. In some circumstances, it is indeed
>possible to spoof IPs. But since it requires flooding the MTA for each
>connection with thousands of packets, it becomes totally impractical
>if you're trying to spam more than a handful of recipients (even if
>you're on the same network interface as AOL's MTAs).
Why is 65536 100-byte packets a lot? That's only 655k. Why would
preceding any spamming attempt with that many bytes trouble an
attacker? That's a fraction of the bandwidth they're using anyway
for the message content (since they're probably delivering to multiple
mailboxes on most large networks).
>So, I don't think attacks on the DNS protocol are compelling.
>Subverting a DNS server is an entirely different thing.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg