[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Asrg] [Asr?g] Legal side track
On Tue, Apr 15, 2003 at 08:03:43PM -0600, John Fenley wrote
> >From: waltdnes@waltdnes.org
> > In plain English, this is an ugly/dirty war, and if you insist on
> >using Marquis of Queensbury rules against a dirty opponent who doesn't,
> >you will end up losing the war. I don't want to lose the war.
>
> Fighting cleanly is the only way to truly win.
>
> There are only 3 flaws I can find in my "clean" system now.
>
> 1. Spoofed addresses
> Spoofing addresses will only work if the spoofed address has a large
> subscriber list. That will be tough to deal with.
> 3. resistance to Challenge/Response(which i don't see as a problem)
> Once people get used to it, it will be like second nature.
The *ONLY* way it'll work will be as a pseudo-reject at the SMTP
stage, e.g. a "950 Challenge: blah, blah, blah" message, which will be
seen by legitimate senders, and replied to. If it's at the MUA level,
then innocent 3rd parties will get mailbombed. Think orders of
magnitude in excess of...
> Mar 29 04:09:20 manson filt-smtpd[15474]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 29 04:09:41 manson filt-smtpd[15486]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 29 04:10:13 manson filt-smtpd[15527]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 30 05:04:58 manson filt-smtpd[11931]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 30 05:05:11 manson filt-smtpd[11937]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 30 05:05:25 manson filt-smtpd[11977]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 30 05:05:57 manson filt-smtpd[11990]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 30 05:06:11 manson filt-smtpd[12007]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 31 01:54:03 manson filt-smtpd[19607]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 31 01:54:06 manson filt-smtpd[19608]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
> Mar 31 01:54:35 manson filt-smtpd[19643]: DENYMAIL: (tim@mailkey.com) -> (waltdnes@waltdnes.org) [217.199.183.18]
For real shits and giggles...
- Spammer somewhere on the net sends a spam "From:" a forged address
of joe.blow@bad.example.com to john.smith@foobar.invalid
- john.smith@foobar.invalid uses challenge/response. His MUA sees a
non-whitelisted "From:" address and sends a challenge to
joe.blow@bad.example.com
- joe.blow@bad.example.com uses challenge/response. His MUA sees a
non-whitelisted "From:" address and sends a challenge to
john.smith@foobar.invalid
- john.smith@foobar.invalid challenges joe.blow@bad.example.com
- joe.blow@bad.example.com challenges john.smith@foobar.invalid
- ...do you see the problem here ?
--
Walter Dnes <waltdnes@waltdnes.org>
An infinite number of monkeys pounding away on keyboards will
eventually produce a report showing that Windows is more secure,
and has a lower TCO, than linux.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg