RE: [Asrg] SICS
> -----Original Message-----
> From: william(at)elan.net [mailto:william at elan.net]
> Sent: Tuesday, December 21, 2004 8:38 PM
> To: Hannigan, Martin
> Cc: ASRG list
> Subject: RE: [Asrg] SICS
>
>
>
> On Tue, 21 Dec 2004, Hannigan, Martin wrote:
> >
> > The ISPs cooperate. Going after the zombies is, for the
> > most part, an ineffective approach to the situation.
>
> I'm not talking about a reactive approach - I'm talking about prevention of
> this in the first place. All that is necessary is that ISPs agree to share
> in a standard way a list of hosts they believe to be responsible enough to
> freely participate in SMTP transactions on their own. This cuts down the list
> of possible zombie targets to very few machines run by users who are
> already likely to have a security mechanism that prevents their system from
> being taken over.
It'll never happen. What's happening here is that email is
becoming overcomplicated and the operational expense is increasing
as a result - without (m)any results.
>
> > Search and destroy of the controllers is more effective i.e.
> > 1 controller = 100K downed bots. (example)
> > There's a ton of work going on behind the scenes.
>
> It is certainly good that this is going on, I've been involved in a couple
> of these "search and destroy" missions myself. But this is all work after
> the fact when we should be trying to research ways to prevent the occurrence
There is work being done on prevention. How about if MS could
bundle AV into the operating system (free)?
> of the problem in the first place. In other words, would you prefer to
> face the possibility of being sick with smallpox rather than the world
> having chosen to immunize everyone against it some time ago which
> effectively got rid of the problem?
Great analogies, but we're talking about bits and nobody cares
about the plague anymore. If you shift the focus onto operational
expense, capital expense, revenue, etc., it might make more sense.

Trying to at least add some on-topic (about spam), the botnets
technically do NOT spam. They sell their zombies and the spammer
usually spams from a host located right here in the USA. The headers
are rewritten so that host is hidden, but it's there. Florida seems
to be the big place to hide-spam from lately.

The solution has to go up high in the network, near the
NSPs. At the exchanges. I have no idea what that solution is.

Best,
-M<