Mailing List Archive

Update on mail bombing threats--words fail me--enjoy the laugh
I posted recently about a recent mailbombing threat apparently originating
from Cyberpromo. Many of you may have received this, but I must share it
for those who haven't seen it...the specter of Cyberpromo being victimized
by Nasty Evil Spammers had me laughing so hard tears ran down my face and
my ribs hurt.

Howard

------
Received: from cyber3.7.nostoppingittop (daemon@[206.154.151.19]) by
mail.clark.net (8.7.3/8.6.5) with ESMTP id UAA24805 for <hcb@clark.net>;
Mon, 6 Jan 1997 20:51:28 -0500 (EST)
Received: (from daemon@localhost) by cyber3.7.nostoppingittop (8.7.4/8.7.3)
id UAA05715; Mon, 6 Jan 1997 20:53:44 -0500 (EST)
Date: Mon, 6 Jan 1997 20:53:44 -0500 (EST)
Message-Id: <199701070153.UAA05715@cyber3.7.nostoppingittop>
From: abusebot@savetrees.com (Mail AutoResponder)
To: "howard c. berkowitz" <hcb@clark.net>
Subject: RESPONSE FROM CYBERPROMO


Version 1-4-97:


Cyber Promotions has recently terminated several accounts for
abuse of our policies. (Updated TOS at end of message).

Cyber Promotions will not tolerate irresponsible
commercial email activities.

The following email accounts have been *recently TERMINATED...


*noci@cyberpromo.com 1-4-97: Spamming with THREATS!

jrtkjs@savetrees.com 10-9-96: Forgery and spamming INTERNET
jrtkjs@answerme.com "" "" "" "" "" ""
dollars@savetrees.com Non-existent account. The account was
forged by the people who opened the accounts above.

info1@cyberpromo.com 10-8-96: Unsolicited ads to INTERNET addresses

changes@answerme.com 9-30-96: Unsolicited ads to INTERNET addresses
changes@cyberpromo.com 9-30-96: Unsolicited ads to INTERNET addresses
changes@savetrees.com 9-30-96: Unsolicited ads to INTERNET addresses

catalog@savetrees.com 9-30-96: Unsolicited ads to INTERNET addresses
catalog@cyberpromo.com 9-30-96: Unsolicited ads to INTERNET addresses
catalog@answerme.com 9-30-96: Unsolicited ads to INTERNET addresses

eleven@answerme.com 9-28-96: Forgeries
eleven@savetrees.com 9-28-96: Forgeries
eleven@answerme.com 9-28-96: Forgeries

tsahk@cyberpromo.com 9-27-96: Unsolicited ads to INTERNET addresses
tsahk@answerme.com 9-27-96: Unsolicited ads to INTERNET addresses

icssender@omni.cyberpromo.com 9-19-96: FORGED unsolicited email, making
it appear that Cyberpromo's auto-sender was responsible. If you are in
receipt of the message, please look through the headers and complain to the
appropriate postmasters.

networkes@answerme.com 9-17-96: Ignored remove requests
networkes@cyberpromo.com 9-17-96: Ignored remove requests
networkes@savetrees.com 9-17-96: Ignored remove requests
reminders@answerme.com 9-17-96: Unsolicited ads to INTERNET addresses
reminders@savetrees.com 9-17-96: Unsolicited ads to INTERNET addresses
reminders@cyberpromo.com 9-17-96: Unsolicited ads to INTERNET addresses

salespromo@answerme.com 9-16-96: Unsolicited ads to INTERNET addresses
salespromo@savetrees.com "" "" "" ""
salespromo@cyberpromo.com "" "" "" ""
promo@answerme.com "" "" "" ""
promo@savetrees.com "" "" "" ""
promo@cyberpromo.com "" "" "" ""
info4free@answerme.com "" "" "" ""
info4free@savetrees.com "" "" "" ""
info4free@cyberpromo.com "" "" "" ""

manda@cyberpromo.com 8-28: Massive abuse to INTERNET addresses / FORGERY
manda@answerme.com 8-28: Massive abuse to INTERNET addresses / FORGERY
website@cyberpromo.com 8-27: excessive abuse to AOL / removals ignored
sevenmil@cyberpromo.com 8-27: excessive abuse / all removals ignored
sevenmil@answerme.com 8-27: "" "" "" "" "" ""
vera@cyberpromo.com
vera@answerme.com
zol@answerme.com
website@answerme.com
allied@cyberpromo.com
allied@answerme.com
lists@cyberpromo.com
lists@answerme.com



Cyber Promotions is *not* in business to annoy people. We are in the
business of sending (and assisting in sending) commercial (and
noncommercial) email to people who are *not* offended by the receipt of
these messages. Unfortunately, due to many experiences (many of which were
out of our control) we have had some problems accomplishing our goals
without upsetting some people. We are truly sorry about that fact, and we
plan to "clean up the streets" as best as we can.

Some people have been under the impression that all email that appears to
come from cyberpromo.com, is from Cyber Promotions. That is not true.
Most of the complaints that we have recently received have been in reaction
to people who have "autoresponders" and "virtual email addresses" on our
system. In that case, their mail would have referenced an account on our
system, but originated from a different site. Unfortunately, software like
Pegasus enables their mail to appear as if it came from us, directly. But,
their true origination is still evident in the headers. You can determine
where it originated if you know how to decode headers. But when doing so,
remember that Pegasus, for example, actually logs into *our* sendmail. At
this time, the only messages that originate from Cyber Promotions, use our
proprietary Cyber Sender 5.0+ protocol which will always be indicated in
the organization: header.

Due to these "look alikes," it could appear that recipients' remove requests
were being ignored. WE DO NOT IGNORE REMOVE REQUESTS.

Please note: we have no control over mail that originates from
other sites, that travel through our SMTP (relay-host) servers. We will
simply terminate any accounts that we maintain, that are referred to in
their abusive mail.


ATTENTION PRODIGY MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists. This can be attributed
to the "alias" that your outgoing mail may contain. If you are having
problems, please send an email to manremove@cyberpromo.com and type both of
your email addresses in the body of the message, each on its own line,
without any comments. The subject line is ignored. You probably have one
address like xazd35r@prodigy.com and another address like
sanford@prodigy.com.


ATTENTION PIPELINE MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists. This can be attributed
to the "alias" that your outgoing mail may contain. If you are having
problems, please send an email to manremove@cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments. The subject line is ignored. You should type your email id
followed by the following THREE domains. @usa.pipeline.com,
@pipeline.com, @nyc.pipeline.com. Even if you feel that your address is
definitely only one of the three possibilities, you should still remove all
three addresses (each on its own line).


ATTENTION INTERNET USERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists. This can be attributed
to the "alias" that your outgoing mail may contain. If you are having
problems, please send an email to manremove@cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments. The subject line is ignored. If your email address could
contain an alias like mail.domain.com or if you may have more than one
email address that points to another email address, you should remove them
all. If you wish to remove *every* email address in your domain, please
contact us, and we will "grep" out every possibility.




REVISED TERMS OF SERVICE:

1. We do not allow postings to inappropriate
newsgroups with reference to your account
because such postings result in *MUCH* more negative
response than positive.

2. We prohibit the advertising of offensive material
(ie. pornography, weapons, etc).

3. You may not use the account to participate in
illegal activities.

4. Our TOS strictly prohibits the sending of mass commercial
emails to INTERNET addresses, unless expressed permission
has been granted to you by the recipient.
In addition, you *must* honor all requests for removal
from your mailing list in a diligent manner.
Our service can be used in conjunction with advertisements that
you place with a bulk email company other than your
own or us, as long as they follow the same guidelines.

5. Cyber Promotions reserves the right to terminate any account for any
reason at any time, without notice.
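
Added example, not part of the forwarded message or of any poster's own code: the autoresponder text says the true origin stays visible in the headers, so this Python code reads the two Received lines shown at the top of the message and returns the address recorded by the first server the recipient controls. Treating mail.clark.net as the recipient's trusted host, and the function names, are assumptions of the example.

```python
import re
from email import message_from_string

# Header block copied from the message above. Continuation lines are
# indented here so that they parse as folded headers; the body is a stub.
SAMPLE = """\
Received: from cyber3.7.nostoppingittop (daemon@[206.154.151.19]) by
 mail.clark.net (8.7.3/8.6.5) with ESMTP id UAA24805 for <hcb@clark.net>;
 Mon, 6 Jan 1997 20:51:28 -0500 (EST)
Received: (from daemon@localhost) by cyber3.7.nostoppingittop (8.7.4/8.7.3)
 id UAA05715; Mon, 6 Jan 1997 20:53:44 -0500 (EST)
From: abusebot@savetrees.com (Mail AutoResponder)
Subject: RESPONSE FROM CYBERPROMO

(body omitted)
"""

FROM_RE = re.compile(r"^from\s+(\S+)\s+\(([^)]*)\)")   # name the peer claimed + comment
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # address the receiver saw
BY_RE = re.compile(r"\bby\s+(\S+)")                    # host that wrote this line


def parse_received(value):
    """Split one Received header into claimed name, observed IP and writer."""
    text = " ".join(value.split())            # undo header folding
    hop = {"helo": None, "ip": None, "by": None}
    m = FROM_RE.match(text)
    if m:
        hop["helo"] = m.group(1)              # supplied by the sender: unverified
        ip = IP_RE.search(m.group(2))
        hop["ip"] = ip.group(1) if ip else None
    by = BY_RE.search(text)
    if by:
        hop["by"] = by.group(1).lower()
    return hop


def hops(raw):
    """Received headers, newest first (the order they appear in the message)."""
    msg = message_from_string(raw)
    return [parse_received(v) for v in msg.get_all("Received", [])]


def trusted_origin(raw, trusted):
    """Walk down from the top while the line was written by a host we run.

    The last such line holds the only peer address that was observed by our
    own server; everything below it was written by the sending side.
    """
    origin = None
    for hop in hops(raw):
        if hop["by"] not in trusted:
            break
        origin = hop
    return origin


if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print(hop)
    print("origin:", trusted_origin(SAMPLE, {"mail.clark.net"}))
```

The second Received line has no peer address at all: it was written by the sending machine about itself, so only the first line's bracketed address is evidence.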





- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
On Tue, 7 Jan 1997, Howard C. Berkowitz wrote:
> I posted recently about a recent mailbombing threat apparently originating
> from Cyberpromo. Many of you may have received this, but I must share it
> for those who haven't seen it...the specter of Cyberpromo being victimized
> by Nasty Evil Spammers had me laughing so hard tears ran down my face and
> my ribs hurt.

Unfortunately, this culprit has been operating in hit and run mode for a
while, and has made good on his threats but not exactly how you might
think. I am going to stick to calling him the "culprit" for liability
reasons. Bear with me, there are some serious lessons at the end.

The culprit had a free web page at joes.com from Joe Doll advertising
"Hair Tonic" or some such. Joe Doll has a no spam policy. The culprit
then did a spam to promote his page and Joe pulled it. The culprit then
emailed a threatening note to Joe Doll requesting his page be restored.
Joe Doll then received a second note notifying Joe of a pending revenge
spam of 1 million emails.

On Friday Morning, January 3rd we started receiving a continuous stream of
phone calls complaining of a spam from joes.com (subject "El Cheapo...").
Somebody using an ibm.net dialup connection was sending out a barrage of
spam in Joe Doll's name forged to appear from joe@joes.com and written to
be flame bait.

We immediately began to receive wave after wave of retaliatory strikes
in the form of email bombs, SYN attacks, ping bombs, and a variety of
other denial of service attacks. It would have been interesting had it
not been threatening our business. We were forced to continuously
manually prune the mail queue on our primary server. (People are creative
when sending email bombs, there are many that randomize everything.)

After we figured out that the specific address for joes.com was being SYN
attacked we undefined the interface alias he was on. We also changed his
MX record to "read.news.admin.net-abuse.email" to try to get some of
the attackers to stop. (I recognized some of their domains as nanae
regulars after scanning the group.)

By the way, we did try to contact IBM by email and by phone. We received a
trouble ticket acknowledgement back on Saturday. On Monday IBM closed the
culprit's accounts, but apparently forgot to clear out their mail queue. I
have received reports that people are still getting the forged joes.com
spam from ibm.net implying that some email must have still been queued.

For more information about this specific culprit see
http://www.ca-probate.com/yuri.htm

Here are the lessons:

* If somebody sends out 1 million flame bait emails forged to be in your
name and only 1% of the recipients are technical, you have 10,000 people
that hate you and know how to do something about it. Even 100 determined
hackers can throw a major wrench in your works. Point: This is an
extremely serious security issue.

* Currently, due to lack of clear criminal law in this area, many net
vigilantes handle spam by exacting revenge in their own way. However,
this type of "frontier justice" has a low level mob mentality and is apt
to make incorrect decisions.

* If we don't want everybody to take the law into their own hands then we
need to get the legal system involved.

* However, while existing civil statutes offer one avenue, the saying is
"you can't get blood from a turnip". Most spammers spam because they
don't have anything better to do, and therefore don't have significant
assets.

I am going to briefly mention two laws, I know this is nanog, but I must
leave a starting point for the next victim of this type of attack.

After talking with the FBI, I was informed that Federal 18 USC 1030 ibid.
does not apply. (I have no idea what it actually says, but many admins
thought it applied.)

A helpful netizen informed us about US Code Title 487 Section 227.
However Section 401 which covers enforcement provisions refers to "the
Commission". The agent in the FBI Computer Crimes Division we have been
working with thinks this means the FCC.

Hurricane Electric has limited resources for this sort of thing and we are
going to have to let this whole issue drop.

I guess we just have to wait until somebody forges 1 million emails from
whitehouse.gov or something like that.

Mike.

+------------------- H U R R I C A N E - E L E C T R I C -------------------+
| Mike Leber Direct Internet Connections Voice 408 282 1540 |
| Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 |
| mleber@he.net http://www.he.net |
+---------------------------------------------------------------------------+

- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
There is no use to attempt to find legal fixes for massive spam and other
flooding attacks. The spam sources will simply move out of U.S.
and will start loading international circuits with their crap.

I.e. the legal cure will only make spam even more annoying, but won't
stop anybody.

Why won't we concentrate on doing technical solutions? Fortunately,
it is relatively easy to get rid of the flooding attacks by reducing
their effectiveness to nothing.

The solution is source address filtering at edges, to relieve attackers
from the benefit of forged source addresses, and reverse lookup
authentication in MTAs -- just do not accept any mail coming from an
invalid source address, or source address not corresponding to what
is in Sender, Reply-To or From field.

That will arguably break some setups (for example, when outgoing mail
leaves hosts directly, but return mail comes thru a centralized server);
but that can be fixed.

That scheme is obviously not bullet-proof, but neither are locks on the
doors. They do deter crime, though.

BTW, the e-mail sender address authentication would also do wonders for
non-flooding variety of spammers -- getting tons of angry mail from the
targets of the spam does have some effect. Also, it gives ISPs ability
to identify abusers, and create a black list of people not to have any
business with, and a legitimate reason to refuse service to them.

There's a historical precedent in doing source address authentication
which initially broke service for a lot of people, but ultimately made
Internet a saner place -- the FTP archive at UUNET at some time started
requiring that reverse DNS lookups should provide correct names.
Oops -- nobody with broken reverse zones could access it.

Now, the question is how to make people actually implement it. I guess
the big providers should consider it in their best interest -- or they'll
eventually get politicians and lawyers on their heads.

--vadim
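
Added example, not from the post or from any MTA's code: one way to express the check proposed above, in Python, with constructed DNS tables in place of live PTR and A lookups. It assumes "corresponding" means the forward-confirmed host name falls under the domain of any address in Sender, Reply-To or From; all addresses and names are documentation placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-ins for DNS: PTR (address -> name), A (name -> addresses).
PTR = {
    "192.0.2.25": "mail.shop.example",
    "192.0.2.40": "lists.forum.example",
    "198.51.100.77": "ppp77.dialup.isp.example",
    "203.0.113.9": "mail.shop.example",   # reverse zone claims a name it does not own
}
A = {
    "mail.shop.example": {"192.0.2.25"},
    "lists.forum.example": {"192.0.2.40"},
    "ppp77.dialup.isp.example": {"198.51.100.77"},
}


def verified_name(ip):
    """Reverse lookup, then confirm the name resolves back to the same address."""
    name = PTR.get(ip)
    if name is None:
        return None, "no-ptr"
    if ip not in A.get(name, set()):
        return None, "ptr-not-forward-confirmed"
    return name, "ok"


def corresponds(host, domain):
    """True when host is the domain itself or a name underneath it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    if "." not in domain:                 # refuse bare top-level domains
        return False
    return host == domain or host.endswith("." + domain)


def header_domains(raw_headers):
    """Domains of every address in Sender, Reply-To and From."""
    msg = message_from_string(raw_headers)
    values = []
    for field in ("Sender", "Reply-To", "From"):
        values.extend(msg.get_all(field, []))
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(values) if "@" in addr}


def check(ip, raw_headers):
    """Return (accept, reason) for a connection from ip carrying these headers."""
    name, why = verified_name(ip)
    if name is None:
        return False, why
    if any(corresponds(name, d) for d in header_domains(raw_headers)):
        return True, "ok"
    return False, "source-does-not-match-headers"


# Constructed cases: (connecting address, message headers).
CASES = [
    ("192.0.2.25", "From: Joe <joe@shop.example>\n\n"),       # own mail server
    ("198.51.100.77", "From: joe@shop.example\n\n"),          # dial-up host, other domain
    ("203.0.113.9", "From: joe@shop.example\n\n"),            # PTR not confirmed
    ("203.0.113.200", "From: joe@shop.example\n\n"),          # no reverse zone
    ("192.0.2.40",
     "From: joe@shop.example\nSender: owner@forum.example\n\n"),  # list via Sender
]


def run_cases():
    return [check(ip, headers) for ip, headers in CASES]


if __name__ == "__main__":
    for (ip, _), result in zip(CASES, run_cases()):
        print(ip, result)
```

The second case is rejected whether the dial-up user is forging the address or is a legitimate user whose return mail goes through a central server, which is the breakage the post anticipates.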
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
At 01:19 PM 1/9/97 -0800, Vadim Antonov wrote:

>
>The solution is source address filtering at edges, to relieve attackers
>from the benefit of forged source addresses, and reverse lookup

Yet another application for draft-ferguson-ingress-filtering-01.txt.

:-)

- paul


>authentication in MTAs -- just do not accept any mail coming from an
>invalid source address, or source address not corresponding to what
>is in Sender, Reply-To or From field.
>

- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
Vadim Antonov wrote:
>

One possible solution is just to have recourse after the fact.
If you as an ISP have their credit card/phone billing, and have
a policy that explicitly states that either:

1) you will charge $100/hr to cleanup revenge email that they
were responsible for directly.

2) you will charge them $.25/message for every mail message over
1000 sent outgoing (this doesn't handle using another site's mail
server).

3) you charge for bandwidth or something like that making sure you
set the limits such that normal dialup users won't see any charges.

Even despite the inevitable chargebacks, many spammers would decide that
fighting with the credit card company isn't worth it.

There are a lot of ISPs spending a large amount of time/$ tracking
down this sort of thing and in the end it isn't very productive.
I see a general lack of policy for dealing with spam almost
everywhere.

allan
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
On Thu, 9 Jan 1997, Vadim Antonov wrote:
> Why won't we concentrate on doing technical solutions?
> [good source authentication proposal deleted]

This would solve the forged email problem excellently. (Assuming you can
get past the installed base of over 50(?) million SMTP email addresses,
although only a few of those actually have a source domain different from
the mail gateway.)

However, the spamming problem is another. I see three generations of
spammers.

The 1st Generation Spammer (Direct)

From address matches sender. Spammer expects to pick up mail at the from
address. Cancelling account thwarts spammer. Easy to cover in TOS.

The 2nd Generation Spammer (Indirect Via Internet)

From address is different than sender. For this type of spam promoting
web sites, the actual site being promoted is on a different network than
spam is sent from. For this type of spam requiring a response, response
email address is usually a dropbox or autoresponder service with a
"spammer friendly" TOS. Source email account used is disposable.
Requires more complex TOS for network hosting actual site to terminate
service.

The 3rd Generation Spammer (Indirect Via Non Internet)

From address can be anything. Response is via 900 phone number, 800 phone
number taking credit cards, or international number with builtin premium
($20 for the first minute). Alternatively, less sophisticated 3rd
generation spammers use fax, regular telephone, or postal mail (only the
really dumb ones ever use postal mail, because of the amount of law). No
Internet resource is used as part of ordering.

I have received a couple of these 3rd generation spams recently.

Mail authentication is not going to prevent hit and run 3rd generation
spams.

An additional feature (hehe) in sendmail that would hinder hit and run
operators would be flood suppression on a user by user basis (ibm.net
could have used this). For example, a rule such that no user can send
more than 1000 messages per day (configurable of course).

Mike.

+------------------- H U R R I C A N E - E L E C T R I C -------------------+
| Mike Leber Direct Internet Connections Voice 408 282 1540 |
| Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 |
| mleber@he.net http://www.he.net |
+---------------------------------------------------------------------------+
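
Added example, not sendmail's own feature or configuration and not the poster's code: the per-user flood suppression suggested above, written in Python as a rolling 24-hour cap. Counting envelope recipients rather than messages is an assumption of the example (one message can carry many recipients), as are the class name, the user names and the constructed log.

```python
from collections import defaultdict, deque


class FloodLimiter:
    """Cap the recipients one authenticated user may mail within a rolling window."""

    def __init__(self, limit=1000, window=86400):
        self.limit = limit                  # recipients allowed per window
        self.window = window                # window length in seconds
        self.sent = defaultdict(deque)      # user -> (timestamp, recipients) entries
        self.total = defaultdict(int)       # user -> recipients still inside window

    def allow(self, user, now, recipients=1):
        """Decide one submission; a refused message does not consume quota."""
        q = self.sent[user]
        while q and q[0][0] <= now - self.window:    # drop entries that aged out
            self.total[user] -= q.popleft()[1]
        if self.total[user] + recipients > self.limit:
            return False
        q.append((now, recipients))
        self.total[user] += recipients
        return True


# Constructed submission log: (seconds since start, user, envelope recipients).
# "dialup-a" sends a 50-recipient message every minute; "dialup-b" is ordinary use.
LOG = [(i * 60, "dialup-a", 50) for i in range(30)] + [
    (100, "dialup-b", 1),
    (200, "dialup-b", 1),
    (300, "dialup-b", 1),
]


def replay(log, limit=1000, window=86400):
    """Run a log through a fresh limiter; return recipients accepted/rejected per user."""
    limiter = FloodLimiter(limit, window)
    stats = {}
    for ts, user, rcpts in sorted(log):
        entry = stats.setdefault(user, {"accepted": 0, "rejected": 0})
        key = "accepted" if limiter.allow(user, ts, rcpts) else "rejected"
        entry[key] += rcpts
    return stats


if __name__ == "__main__":
    for user, entry in replay(LOG).items():
        print(user, entry)
```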

- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
On Thu, 9 Jan 1997, Allan Chong wrote:
> Even despite the inevitable chargebacks, many spammers would decide that
> fighting with the credit card company isn't worth it.

Uh, you have this backwards. If you read most credit card merchant
agreements, online services have no recourse, without a physical signature
from the customer, against chargebacks for online service. This is
because they are treated as phone orders where the presumption is in the
customer's favor.

Mike.

+------------------- H U R R I C A N E - E L E C T R I C -------------------+
| Mike Leber Direct Internet Connections Voice 408 282 1540 |
| Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 |
| mleber@he.net http://www.he.net |
+---------------------------------------------------------------------------+

- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
Allan Chong <allan@bellsouth.net> wrote:

>One possible solution is just to have recourse after the fact.
>If you as an ISP have their credit card/phone billing, and have
>a policy that explicitly states that either....

>Even despite the inevitable chargebacks, many spammers would decide that
>fighting with the credit card company isn't worth it.

How are you proposing collecting any debts from a spammer in
Brazilia?

BTW, to be able to collect such charges you _must_ be able to prove
that the spammer has seen the price list. That is kind of hard
to do when you don't have spammer's return address. Implied contracts
have been commonly found non-binding by the courts (a typical example
would be to open a cafe, wait when people walk in and then tell them
"our admission fee is $100 -- please pay up, or we call police").

--vadim
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
Mike Leber wrote:
>
> On Thu, 9 Jan 1997, Allan Chong wrote:
> > Even despite the inevitable chargebacks, many spammers would decide that
> > fighting with the credit card company isn't worth it.
>
> Uh, you have this backwards. If you read most credit card merchant
> agreements, online services have no recourse, without a physical signature
> from the customer, against chargebacks for online service. This is
> because they are treated as phone orders where the presumption is in the
> customer's favor.
>

By chargeback, I meant to the merchant. But it still was a hassle
on a simple chargeback I did. I probably wasted 5 hours writing
letters and on the phone to make it stick.


The technical reasons Vadim gives are essential, to ensure that
everything is as it appears, but what does the ISP do when one
of their users does something? Most don't have any clear cut
policy. When the spam is coming from the network of a paying
business customer, operators often have to start tiptoeing lightly.
We're going to see more balkanization of the net as operators have to
start deciding between the good ISPs and bad ISPs.

allan
3 posts in a day. I must be getting old and grumpy.
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
-----BEGIN PGP SIGNED MESSAGE-----


I told it many times already that the freedom of speech includes
not only right to speak but also right not to listen.

Internet is very good at the first part; and woefully inadequate
at the second.

Can it be fixed? Of course. But the first step in filtering out
those who are trying to push their unwanted speech on us is to
make sure they won't pretend to be somebody whose words we'd
want to listen to.

So -- the problem has two aspects: the first is authentication,
the second is defense against flooding attacks. They are
closely related, but not identical.

The source address verification is powerful enough to get flood
attacks stopped. It is still not enough to get rid of unwanted
messages.

The second line of defense should be digital signatures on messages,
certified by some authorities (what is "authority" depends on your
personal point of view -- you're free to choose whom to believe)
which to some extent make sure that signatures correspond to
physical people. Then you can just stop accepting any unsigned
mail (note that a reputable anonymous remailer would also check
signatures on incoming messages; and substitute them with its own).

There's no magic technology involved; this is just the problem of
how to actually implement it. Until we do that we all live in
danger of having our name smeared if some jerk decides he's pissed
and posts some nazi propaganda, or threats, with a reputable person's
e-mail address. I already was an antisemite, and an agent of KGB,
thank you very much.

Now, how about doing the right thing: make the NANOG list the
first one to require signed messages? Somebody has to start.

- --vadim


- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
Sorry, but what are you doing with the uninteresting adv. shits
in your usual mail-box? I find 2 / 3 such papers daily, and I prefer
to throw them into my wastebasket instead of writing a lot of
complaints... Sometimes I find something interesting, anyway.

Except some cases of the massive SPAM it's the better choice.
Just now I see inadequate behaviour of some network administrators
when 1 (_ONE_) unnecessary message causes 10 / 20 messages (written by this administrator)
complaining about this advertisement (you are naming it _spam_). This causes
us much more trouble than a simple 'D' (or 'REMOVE') command.

> There is no use to attempt to find legal fixes for massive spam and other
> flooding attacks. The spam sources will simply move out of U.S.
> and will start loading international circuits with their crap.
>
> I.e. the legal cure will only make spam even more annoying, but won't
> stop anybody.
>
> Why won't we concentrate on doing technical solutions? Fortunately,
> it is relatively easy to get rid of the flooding attacks by reducing
> their effectiveness to nothing.
>
> The solution is source address filtering at edges, to relieve attackers
> from the benefit of forged source addresses, and reverse lookup
> authentication in MTAs -- just do not accept any mail coming from an
> invalid source address, or source address not corresponding to what
> is in Sender, Reply-To or From field.
>
> That will arguably break some setups (for example, when outgoing mail
> leaves hosts directly, but return mail comes thru a centralized server);
> but that can be fixed.
>
> That scheme is obviously not bullet-proof, but neither are locks on the
> doors. They do deter crime, though.
>
> BTW, the e-mail sender address authentication would also do wonders for
> non-flooding variety of spammers -- getting tons of angry mail from the
> targets of the spam does have some effect. Also, it gives ISPs ability
> to identify abusers, and create a black list of people not to have any
> business with, and a legitimate reason to refuse service to them.
>
> There's a historical precedent in doing source address authentication
> which initially broke service for a lot of people, but ultimately made
> Internet a saner place -- the FTP archive at UUNET at some time started
> requiring that reverse DNS lookups should provide correct names.
> Oops -- nobody with broken reverse zones could access it.
>
> Now, the question is how to make people actually implement it. I guess
> the big providers should consider it in their best interest -- or they'll
> eventually get politicians and lawyers on their heads.
>
> --vadim
>

---
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
Allen,

All the legal recourses mean nothing if you cannot enforce them. Let's make
the system more robust, ie make it harder to fake the source of an email
message, which provides other incidental benefits as well,

Larry Plato
Speaking for myself

>
> Vadim Antonov wrote:
> >
>
> One possible solution is just to have recourse after the fact.
> If you as an ISP have their credit card/phone billing, and have
> a policy that explicitly states that either:
>
> 1) you will charge $100/hr to cleanup revenge email that they
> were responsible for directly.
>
> 2) you will charge them $.25/message for every mail message over
> 1000 sent outgoing (this doesn't handle using another site's mail
> server).
>
> 3) you charge for bandwidth or something like that making sure you
> set the limits such that normal dialup users won't see any charges.
>
> Even despite the inevitable chargebacks, many spammers would decide that
> fighting with the credit card company isn't worth it.
>
> There are a lot of ISPs spending a large amount of time/$ tracking
> down this sort of thing and in the end it isn't very productive.
> I see a general lack of policy for dealing with spam almost
> everywhere.
>
> allan
>

- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 10 Jan 1997, Vadim Antonov wrote:
> Can it be fixed? Of course. But the first step in filtering out
> those who are trying to push their unwanted speech on us is to
> make sure they won't pretend to be somebody whose words we'd
> want to listen to.

[ ...]

> Now, how about doing the right thing: make the NANOG list the
> first one to require signed messages? Somebody has to start.

So in order to post to nanog you would have to have your PGP
key signed by NANOG or the list operator or another entity trusted
by all. How do you establish trust for that signing?

The Usenix key signing is a good model for techie types, but
we are the minority. How would the great unwashed have their
keys signed? Besides, I like being able to post without having to
attend a NANOG meeting though I could live with the restriction.

I agree that both goals, authentication and flooding defense, are
desirable. Source address verification is important and doable as
long as everyone in a position to do so wants to. We have our filters
in place, does everyone? There are 3000+ of us little guys and
we are the ones who need to do it. The NSPs and regionals could
possibly filter at customer gateways but with multi-homing how much
human/CPU load would that present?

Authentication is worse when looking at ubiquitous verification.
Unless we give up on PGP and switch to PEM and RSA certs (using RSA
as a trusted authority). And even then, for personal certs anyway,
they don't seem very secure to me. I can get one for free and all
they require is a valid e-mail address to send it to. Once I have it
I can forge my e-mail address and use the cert to sign messages
originating from another account. Of course the original "valid"
e-mail address has long since disappeared. I haven't actually tried
this, but I don't see how a signed message injected into an SMTP port
could be distinguished from a "real" one. Sure, the IP address will
be in the headers, but they aren't signed.

Now the threat of RSA pursuing me for violation of their personal
use restrictions *might* slow down some spammers, but probably not
until a few have been caught and hung.

This might be more on topic on cryptography@c2.net.
Majordomo list. Low volume.

Dan
- --
Dan Busarow 714 443 4172
DPC Systems / Beach.Net dan@dpcsys.com
Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82


- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
-----BEGIN PGP SIGNED MESSAGE-----

At 07:09 PM 1/10/97 -0800, Dan Busarow wrote:

>
>So in order to post to nanog you would have to have your PGP
>key signed by NANOG or the list operator or another entity trusted
>by all. How do you establish trust for that signing?
>

Having a key-signing party at the upcoming NANOG is a good
place to start.

>The Usenix key signing is a good model for techie types, but
>we are the minority. How would the great unwashed have their
>keys signed? Besides, I like being able to post without having to
>attend a NANOG meeting though I could live with the restriction.

Strong crypto for the masses!

For what it's worth, the same model holds true for meetings of
the IETF; Ted Tso has been organizing key-signing parties that
are held one evening during IETF week.

- - paul

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----



--
Paul Ferguson || ||
Consulting Engineering || ||
Herndon, Virginia USA |||| ||||
tel: +1.703.397.5938 ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com c i s c o S y s t e m s
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
-----BEGIN PGP SIGNED MESSAGE-----

>The Usenix key signing is a good model for techie types, but
>we are the minority. How would the great unwashed have their
>keys signed?

This looks like a business opportunity. I think it may make
sense for somebody to establish a nationwide network of
Public Notaries who'd be certifying that the physical person
has this-and-that document (driver's license, etc) and has that
key. A central office would maintain a registry of personal
keys. We all could use the registry to verify the signatures.

Such certification could cost something like $10 per key. I'd
certainly be willing to pay that much to have a certified key.
Given the potential customer base of 20-50 million, that would
make a nice business case.

- --vadim


-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 10 Jan 1997, Paul Ferguson wrote:
> At 07:09 PM 1/10/97 -0800, Dan Busarow wrote:
> >So in order to post to nanog you would have to have your PGP
> >key signed by NANOG or the list operator or another entity trusted
>
> Having a key-signing party at the upcoming NANOG is a good
> place to start.

No doubt, but it doesn't address the problem that started this
thread. Yes, spreading the use of PGP is a good thing, but I
don't see it as a tool to fight spam or, more importantly, spam
terrorism. Not in the near term anyway.

> Strong crypto for the masses!

But of course :) If we can deploy it widely enough. We encourage
all of our clients to use PGP.

> For what it's worth, the same model holds true for meetings of
> the IETF; Ted Tso has been organizing key-signing parties that
> are held one evening during IETF week.

The point I was trying to make was that most on-line groups don't have
real life, face to face meetings. They can't implement the key signing
model.

Maybe requiring signed posts wouldn't be that bad of an idea. While
the policy wouldn't solve anything right now it could serve as an example.

Hmm

Dan
- --
Dan Busarow 714 443 4172
DPC Systems dan@dpcsys.com
Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 10 Jan 1997, Vadim Antonov wrote:
> >The Usenix key signing is a good model for techie types, but
> >we are the minority. How would the great unwashed have their
> >keys signed?
>
> This looks like a business opportunity. I think it may make
> sense for somebody to establish a nationwide network of
> Public Notaries who'd be certifying that the physical person

CAs will likely be the notary public of the future. But what does
that do to help us fight spam and *forged* spam today?

I'm not trying to discourage the use of PGP, just point out that
it is unlikely to solve the problem at hand.

Long term, yes, today, no.

Dan
- --
Dan Busarow 714 443 4172
DPC Systems dan@dpcsys.com
Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
-----BEGIN PGP SIGNED MESSAGE-----

Dan Busarow wrote:

>I'm not trying to discourage the use of PGP, just point out that
>it is unlikely to solve the problem at hand.

>Long term, yes, today, no.

Depends on what you think "today" is :) I'm old enough to see
way many things change -- when I started hacking, computers
with no ICs in them were still quite useful.

- --vadim


-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----
- - - - - - - - - - - - - - - - -
Re: Update on mail bombing threats--not so funny
At 1:00 AM -0800 1/11/97, Vadim Antonov wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Dan Busarow wrote:
>
>>I'm not trying to discourage the use of PGP, just point out that
>>it is unlikely to solve the problem at hand.
>
>>Long term, yes, today, no.
>
>Depends on what you think "today" is :) I'm old enough to see
>way many things change -- when I started hacking, computers
>with no ICs in them were still quite useful.
>

Please, sir, do not remind me of even earlier things...such as the
machines, admittedly shoved in a corner somewhere, that were still running
legacy applications without _transistors_.

I still have a soft spot in my heart for vacuum tubes. Diagnosis is so
much easier when you can look for the tube that isn't glowing.

Howard


- - - - - - - - - - - - - - - - -