Interesting People mailing list archives
more on somebody is spoofing "from dave () farber net"
From: David Farber <dave () farber net>
Date: Sun, 08 Aug 2004 20:16:33 -0400
Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: August 8, 2004 9:32:53 AM EDT
To: David Farber <dave () farber net>
Subject: Re: [IP] somebody is spoofing "from dave () farber net"

On Wed, Aug 04, 2004 at 07:14:32PM -0400, David Farber wrote:
> Again, it is past time to fix the spoofing (like 20 years past time)!!!!
Can't be done -- at the moment.

Oh, sure, there are proposals (like DomainKeys and SPF) on the table which attempt to wallpaper over the problem and hide its consequences, but none of these do anything to address the underlying issues.

Nor can they: as long as there are N (where my current guesstimate of N is 40 million) zombies [1] out there, and as long as NOBODY has a plan to un-zombie them *and* keep them that way, the problem will persist. And, as of the moment:

1. The putative/former owners of those zombies are largely unaware of the problem; and of those few who are aware, many lack the tools and the expertise required to solve the problem.

2. The ISPs which knowingly permit these zombies to abuse the entire rest of the Internet have, collectively, sat on their hands for the better part of two years while the problem has increased to epidemic proportions. Never mind that they could have *at least* mitigated some of the effects with simple network triage measures that could be put into place in a week; it would seem, at least in the case of consumer broadband ISPs (which are a major source of this problem) that they would prefer to spend their money on marketing rather than on engineering.

3. The OS vendor which is responsible for the widespread deployment of the low-quality software which makes this possible has completely failed, more than two years into its "focus on security", to even release a rudimentary mail client which can be safely used, or to address major deficiencies in its web browser in a timely manner. Thus, an unceasing parade of new/newly-found security holes which shows no signs of stopping or even slowing down ensures a plentiful supply of fresh opportunities for attackers.

Thus: of the three entities which are clearly responsible for this problem, nobody appears to have much interest in actually DOING something about it.
---Rsk

[1] A "zombie" is a Windows system which has been successfully hijacked and is under the effective control of a remote attacker. Zombies are created via spam/viruses/worms/attacks/spyware, and are used for a variety of purposes: sending SMTP spam, hosting spammer web sites, conducting DDoS attacks, attempting to create more zombies, etc. "Zombie farms" represent enormous aggregate computing power and bandwidth; in fact, some people are selling access to them in quantity or offering to conduct DDoS attacks with them for a fee. It's difficult to tell how many zombies are out there -- for instance, a dormant zombie being held in reserve would be difficult to detect -- but the estimate of 40 million is a composite based on observations and discussion with experienced anti-spam/anti-abuse professionals. It's probably wrong; but it's probably the right order of magnitude.