nanog mailing list archives
Re: botted hosts
From: Dean Anderson <dean () av8 com>
Date: Tue, 5 Apr 2005 18:04:18 -0400 (EDT)
On Mon, 4 Apr 2005 Valdis.Kletnieks () vt edu wrote:
> The problem arises when you are trying to push signal (spam) to a non-cooperating recipient. I've seen spam that's so obfuscated that it's unclear whether it's trying to sell me a R00leckss or medications. At that point, it may be able to pass under the effective-bandwidth filter of your covert channel.
You are making the assumption that spam means to sell something. Spam includes mailbombing, in which the purpose is not commercial at all, but rather purely for annoyance. (There may be secondary commercial purposes, i.e., to annoy users at a certain ISP to harm its business, but we can't discover that purpose by looking at a single message.) The terribly obfuscated spams never seem to be genuinely commercial. But it's hard to count*.

The confluence of CAN-SPAM and rapid early genuine spammer adoption of SPF records has revealed some interesting things about how much spam is genuinely commercial and how much is annoyance. It gave us a way to label commercial spam in an easily countable way. The numbers suggested that only about 6% of spam was genuinely commercial. And so leaving the other 94% as non-commercial garbage of one kind or another*.

[See Malicious Cryptography: Exposing Cryptovirology by Adam Young et al. Unintelligible spam-like messages may be parts of an encrypted message sent to a "mix-net"]
> If you hide the spam in a steganographic message inside a .JPG of a giraffe, it will almost certainly make it to the mailbox. But at that point, the user is left looking at a picture of a giraffe......
And on the giraffe, the spots spell out a message that is immediately recognizable to a human. Sort of just like those crawler-thwarting "image" authenticators do now.

Partly, this example is a deviation from info theory. The giraffe example is just reliant on the fact that machines aren't as good as a human at this sort of recognition task. If machines were, we'd have other problems, but unwanted messages would still be one of them. Info theory is much deeper.

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000