Interesting People mailing list archives

more on somebody is spoofing "from dave () farber net"


From: David Farber <dave () farber net>
Date: Sun, 08 Aug 2004 20:16:33 -0400



Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: August 8, 2004 9:32:53 AM EDT
To: David Farber <dave () farber net>
Subject: Re: [IP] somebody is spoofing "from dave () farber net"

On Wed, Aug 04, 2004 at 07:14:32PM -0400, David Farber wrote:
> Again, it is past time to fix the spoofing (like 20 years past time)!!!!

Can't be done -- at the moment.

Oh, sure, there are proposals (like DomainKeys and SPF) on the table which
attempt to wallpaper over the problem and hide its consequences, but none of
these do anything to address the underlying issues.

Nor can they: as long as there are N (where my current guesstimate of N is
40 million) zombies [1] out there, and as long as NOBODY has a plan to
un-zombie them *and* keep them that way, the problem will persist.

And, as of the moment:

        1. The putative/former owners of those zombies are largely unaware
        of the problem; and of those few who are aware, many lack the tools
        and the expertise required to solve the problem.

        2. The ISPs which knowingly permit these zombies to abuse the entire
        rest of the Internet have, collectively, sat on their hands for the
        better part of two years while the problem has increased to epidemic
        proportions.  Never mind that they could have *at least* mitigated
        some of the effects with simple network triage measures that could
        be put into place in a week; it would seem, at least in the case of
        consumer broadband ISPs (which are a major source of this problem)
        that they would prefer to spend their money on marketing rather than
        on engineering.

        3. The OS vendor which is responsible for the widespread deployment
        of the low-quality software which makes this possible has completely
        failed, more than two years into its "focus on security", to even
        release a rudimentary mail client which can be safely used, or to
        address major deficiencies in its web browser in a timely manner.
        Thus, an unceasing parade of new/newly-found security holes which
        shows no signs of stopping or even slowing down ensures a plentiful
        supply of fresh opportunities for attackers.

Thus: of the three entities which are clearly responsible for this problem,
nobody appears to have much interest in actually DOING something about it.

---Rsk

[1] A "zombie" is a Windows system which has been successfully hijacked
and is under the effective control of a remote attacker.  Zombies are
created via spam/viruses/worms/attacks/spyware, and are used for a
variety of purposes: sending SMTP spam, hosting spammer web sites,
conducting DDoS attacks, attempting to create more zombies, etc.
"Zombie farms" represent enormous aggregate computing power and
bandwidth; in fact, some people are selling access to them in quantity
or offering to conduct DDoS attacks with them for a fee.  It's difficult
to tell how many zombies are out there -- for instance, a dormant zombie
being held in reserve would be difficult to detect -- but the estimate
of 40 million is a composite based on observations and discussion with
experienced anti-spam/anti-abuse professionals.  It's probably wrong;
but it's probably the right order of magnitude.
