Interesting People mailing list archives

WELL WORTH READING -- re: Not so fast, broadband providers tell big users


From: David Farber <dave () farber net>
Date: Thu, 15 Mar 2007 19:51:55 -0400



Begin forwarded message:

From: Meng Weng Wong <mengwong () pobox com>
Date: March 15, 2007 7:12:42 PM EDT
To: dave () farber net
Cc: Meng Wong <mengwong () pobox com>
Subject: Re: [IP] Re: Not so fast, broadband providers tell big users

On Mar 15, 2007, at 2:00 PM, David Farber wrote:

> The pure thoughtlessness of supposedly intelligent human beings on how to solve problems amazes me. Punishing everyone for the sins of a few (bots are not predominant) is a lazy form of thought. And it's abusive.


This argument, off-topic in the first place, quickly becomes a rathole, so I'll try to keep it entertaining.


Bots (zombied machines) are, in fact, predominant; they are responsible for the majority of spam sent today, and the infection rate is estimated as being as high as 1 in 3 Windows machines.

The bad-guy industry is mature. Zombie networks can be rented by the CPU-hour.

The field is so mature, in fact, that different criminal gangs play "capture the flag", battling it out to re-own machines that were already owned by somebody else.

Distributed computing has officially arrived :)

Spammers today have access to more computational power, and at a lower price point, than Lawrence Livermore, Sandia, and TJ Watson put together. This is a provocative statement. I'll substantiate it below, with the caveat that the necessarily rough estimates do introduce substantial error.

http://www.nytimes.com/2007/01/07/technology/07net.html?ex=1325826000&en=cd1e2d4c0cd20448&ei=5090

http://www.spamdailynews.com/publish/Organized_crime_offers_rent-a-zombie_deals.asp

Scotland Yard says zombie networks are available for approximately $100/hr for 10,000 machines. At approximately 2 gigaflops per PC, $100 buys you one hour on a 20 Tflop/s zombie network (unclustered, of course, so you're not going to be modeling fusion reactions or protein folding, but if we're going to pick a yardstick, we might as well use gigaflops).

If the typical zombie farmer makes 500,000 machines available for rent, a total of 1,000 teraflop/s is available for $5,000 per hour.

http://www.networkworld.com/weblogs/layer8/012079.html

By comparison, LLNL's Blue Gene/L runs at 280 Tflop/s, Sandia's Red Storm runs at 101.4, and TJ Watson's box runs at 91.2. For $10,000, you can rent a 180 gflops slice of Blue Gene for a week, for 108 million gigaflops. Or you can rent 1,000,000 zombie gigaflops for two hours, for a total of 7.2 billion gigaflops.

http://www.itjungle.com/tlb/tlb031505-story03.html
http://www.top500.org/lists/2006/11

If you believe these figures, and are willing to compare apple-gigaflops with orange-teraflops, the fastest supercomputer in the world costs 66 times as much as a zombie network, and offers one-third the raw computing power. Of course, the flops aren't equivalent because the architectures and applications are completely different.

And, of course, any economist will tell you that stolen goods cost less. IBM owns its facilities; zombie networks 0wn theirs.

But I'd like to think this disproves the original assertion that "bots are not predominant."

> Rather than have to defend my very normal need to do this against idiots, let's just vote them off the island.

ISPs that do not block 25 are themselves being voted off the island by a growing population of receivers in the email community. There is a small but growing industry which aims at filtering *outbound* mail, and at quarantining and remediating infected home users. All of these costs are, of course, generally borne by ISPs, but are hidden from and largely unappreciated by the consumer.

In 2007, email breaks down roughly like this:

If you're a home consumer, you're expected to relay mail through your ISP's servers. You can reach them on port 25.

If you want to relay mail through some other server, say, your corporate server at work, you can submit on port 587, which remains unblocked. That server will require a username and password, so it's not an open relay. RFC2476 goes into more detail.

If you want to send mail directly to a receiver's MX, you can't: port 25 is blocked. This is the recommendation of http://www.maawg.org/ and several other industry organizations. It is, as you say, based on the unfortunate logic that "most X are Y and most Y are X, and since we can't pinpoint X well enough, we approximate using Y."

At present, if you really want port 25 unblocked, you have to sign up for business-class DSL, often called "static".

This usually costs more.

Now that port 25 is unblocked, you are assumed to run your own MTA software, and to have your own MTA administrator.

If any of your machines get compromised, and emit spam, you will eventually appear on one of the numerous DNSBLs out there. When that happens, receivers may reject your mail, or file it to the spam folder.

It is unfortunate that the end-to-end Internet is only available to "business-class" users. If we want to get port 25 unblocked, all we have to do is (a) secure Windows, so that home users can keep them uninfected without doing any extra work, and (b) solve spam.
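
The port policy described in this message, written out as an added example (not part of the original email): it sorts outbound flows into the three cases above and lists hosts that an ISP's outbound filtering might quarantine. The flow records, relay address, quarantine threshold and the `dnsbl.example` zone are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (source host, destination IP, destination port).
ISP_RELAYS = {"192.0.2.25"}  # assumed address of the ISP's own mail relay
FLOWS = [
    ("10.0.0.5", "192.0.2.25", 25),      # home user relaying through the ISP
    ("10.0.0.6", "198.51.100.10", 587),  # authenticated submission elsewhere
    ("10.0.0.7", "203.0.113.1", 25),     # repeated direct-to-MX attempts
    ("10.0.0.7", "203.0.113.2", 25),
    ("10.0.0.7", "203.0.113.3", 25),
    ("10.0.0.8", "203.0.113.9", 25),     # a single direct attempt
]

def classify(dst_ip, dst_port, relays=ISP_RELAYS):
    """Map one outbound flow onto the cases listed in the message."""
    if dst_port == 587:
        return "submission"  # left open; the server demands credentials
    if dst_port == 25:
        return "isp-relay" if dst_ip in relays else "direct-to-mx"
    return "not-mail"

def enforce(flows, quarantine_at=3):
    """Return (decisions, quarantine): an allow/block decision per flow, and
    hosts whose blocked attempts reach `quarantine_at` distinct destinations
    (the threshold is an assumption chosen for this example)."""
    decisions, targets = [], defaultdict(set)
    for src, dst_ip, dst_port in flows:
        kind = classify(dst_ip, dst_port)
        action = "block" if kind == "direct-to-mx" else "allow"
        decisions.append((src, dst_ip, dst_port, kind, action))
        if action == "block":
            targets[src].add(dst_ip)
    quarantine = sorted(h for h, d in targets.items() if len(d) >= quarantine_at)
    return decisions, quarantine

def dnsbl_query_name(ipv4, zone="dnsbl.example"):
    """A DNSBL lookup reverses the IPv4 octets and appends the list's zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

if __name__ == "__main__":
    decisions, quarantine = enforce(FLOWS)
    for d in decisions:
        print(*d)
    print("quarantine candidates:", quarantine)
    print("receiver-side lookup:", dnsbl_query_name("203.0.113.7"))
```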


