nanog mailing list archives
Re: botted hosts
From: Valdis.Kletnieks () vt edu
Date: Mon, 04 Apr 2005 16:33:29 -0400
On Mon, 04 Apr 2005 16:12:51 EDT, Dean Anderson said:
On a deeper level, I discovered (its not at proof level, but probably at 'strong conjecture' level) that results from information theory show that spam cannot be stopped technically. I'll write it up a bit more formally, and post a link. (And I'll see if I can carry it out to a proof) To summarize, I show that spam is equivalent to a covert/sneaky channel [or rather, "sneaky channel" in the network liturature and other names in other areas of liturature--e.g. "covert channel" is usually specific to multi-user OS analysis, but the concepts are the same]. Then I show that since one can't prove an information system is free of covert/sneaky channels, it can't be proven free of spam either.
The thing your analysis will probably fall short on is that although you can *at best* limit the bandwidth of a covert channel (a well understood concept as far back as the old Orange Book), there's the assumption that a covert channel has a cooperating sender and receiver, both doing the moral equivalent of an FFT to extract the signal from the noise. The problem arises when you are trying to push signal (spam) to a non-cooperating recipient. I've seen spam that's so obfuscated that it's unclear whether it's trying to sell me a R00leckss or medications. At that point, it may be able to pass under the effective-bandwidth filter of your covert channel. But it's also likely to be under the effective bandwidth needed to actually deliver a message to an end-user. If you hide the spam in a steganographic message inside a .JPG of a giraffe, it will almost certainly make it to the mailbox. But at that point, the user is left looking at a picture of a giraffe......
Attachment:
_bin
Description:
Current thread:
- Re: The power of default configurations, (continued)
- Re: The power of default configurations just me (Apr 08)
- Re: The power of default configurations Eric A. Hall (Apr 08)
- Re: The power of default configurations Mark Andrews (Apr 06)
- Re: botted hosts Suresh Ramasubramanian (Apr 04)
- Re: botted hosts Christopher L. Morrow (Apr 04)
- Re: botted hosts Dean Anderson (Apr 04)
- Message not available
- Re: botted hosts John Dupuy (Apr 04)
- Message not available
- Re: botted hosts John Dupuy (Apr 04)
- Re: botted hosts Valdis . Kletnieks (Apr 04)
- Re: botted hosts Christopher L. Morrow (Apr 04)
- Message not available
- Re: botted hosts Dean Anderson (Apr 05)
- Re: botted hosts Simon Waters (Apr 05)
- Re: botted hosts Dean Anderson (Apr 05)
- Re: botted hosts Suresh Ramasubramanian (Apr 05)
- Re: botted hosts Tony Finch (Apr 05)
- Re: botted hosts Suresh Ramasubramanian (Apr 05)