nanog mailing list archives

Re: Update on mail bombing threats--not so funny
From: alex () relcom EU net
Date: Fri, 10 Jan 97 14:38:54 +0300

Sorry, but what are you doing with the uninteresting adv. shits
in your usual mail-box? I find 2 / 3 such papers daily, and I prefer
to throw them into my wastebasket instead of writing a lot of
complaints... Sometimes I find something interesting, anyway.

Except in some cases of massive SPAM, it's the better choice.
Just now I see inadequate behaviour of some network administrators
when 1 (_ONE_) unnecessary message causes 10 / 20 messages (written by this administrator)
complaining about this advertisement (you are naming it _spam_). This causes
us much more trouble than a simple 'D' (or 'REMOVE') command.

  There is no use to attempt to find legal fixes for massive spam and other
  flooding attacks.   The spam sources will simply move out of U.S.
  and will start loading international circuits with their crap.

  I.e. the legal cure will only make spam even more annoying, but won't
  stop anybody.

  Why won't we concentrate on doing technical solutions?  Fortunately,
  it is relatively easy to get rid of the flooding attacks by reducing
  their effectiveness to nothing.

  The solution is source address filtering at edges, to relieve attackers
  from the benefit of forged source addresses, and reverse lookup
  authentication in MTAs -- just do not accept any mail coming from an
  invalid source address, or source address not corresponding to what
  is in Sender, Reply-To or From field.

  That will arguably break some setups (for example, when outgoing mail
  leaves hosts directly, but return mail comes thru a centralized server);
  but that can be fixed.

  That scheme is obviously not bullet-proof, but neither are locks on the
  doors.  They do deter crime, though.

  BTW, the e-mail sender address authentication would also do wonders for
  non-flooding variety of spammers -- getting tons of angry mail from the
  targets of the spam does have some effect.  Also, it gives ISPs ability
  to identify abusers, and create a black list of people not to have any
  business with, and a legitimate reason to refuse service to them.

  There's a historical precedent in doing source address authentication
  which initially broke service for a lot of people, but ultimately made
  Internet a saner place -- the FTP archive at UUNET at some time started
  requiring that reverse DNS lookups should provide correct names.
  Oops -- nobody with broken reverse zones could access it.

  Now, the question is how to make people to actually implement it.  I guess
  the big providers should consider it in their best interest -- or they'll
  eventually get politicians and lawyers on their heads.


Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
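
Added example, not part of the original messages: a sketch of the MTA-side check the quoted text proposes, i.e. a forward-confirmed reverse DNS lookup on the connecting address followed by a comparison against the Sender, Reply-To and From domains. The DNS tables, addresses and function names are constructed for illustration, and accepting when any one header domain matches is an assumption about how "corresponding" is meant.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed DNS data (documentation address ranges) so the check runs offline.
PTR = {"192.0.2.25": "mail.example.org",      # honest reverse zone
       "198.51.100.7": "mail.example.org",    # PTR claims a name it does not own
       "203.0.113.9": "dialup-9.example.net"}
A = {"mail.example.org": {"192.0.2.25"},
     "dialup-9.example.net": {"203.0.113.9"}}

def fcrdns(ip, ptr=PTR, fwd=A):
    """Return the PTR name only if it resolves forward to the same IP, else None."""
    ip = str(ipaddress.ip_address(ip))
    name = ptr.get(ip)
    if name and ip in fwd.get(name.lower(), set()):
        return name.lower()
    return None

def header_domains(raw_msg):
    """Collect the domains named in Sender, Reply-To and From."""
    msg = message_from_string(raw_msg)
    values = [v for h in ("Sender", "Reply-To", "From") for v in msg.get_all(h, [])]
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(values) if "@" in addr}

def same_or_sub(host, domain):
    """True if host is the domain itself or a name below it."""
    return host == domain or host.endswith("." + domain)

def accept(client_ip, raw_msg):
    """Return (accepted, SMTP-style reply) for one incoming message."""
    host = fcrdns(client_ip)
    if host is None:
        return (False, "550 no valid reverse DNS for client")
    # Assumption: one matching header domain is enough to accept.
    if not any(same_or_sub(host, d) for d in header_domains(raw_msg)):
        return (False, "550 client host does not match sender headers")
    return (True, "250 ok")

if __name__ == "__main__":
    sample = "From: Alice <alice@example.org>\nSubject: test\n\nhello\n"
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9", "203.0.113.50"):
        print(ip, accept(ip, sample))
```

The third address shows the breakage the quoted text anticipates: a host with perfectly valid reverse DNS is refused because its name sits under a different domain than the one in the From header.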