[IP] more on somebody is spoofing "from dave@xxxxxxxxxx"
Begin forwarded message:
From: Rich Kulawiec <rsk@xxxxxxx>
Date: August 8, 2004 9:32:53 AM EDT
To: David Farber <dave@xxxxxxxxxx>
Subject: Re: [IP] somebody is spoofing "from dave@xxxxxxxxxx"
On Wed, Aug 04, 2004 at 07:14:32PM -0400, David Farber wrote:
> Again, it is past time to fix the spoofing (like 20 years past time)!!!!
Can't be done -- at the moment.
Oh, sure, there are proposals (like DomainKeys and SPF) on the table which
attempt to wallpaper over the problem and hide its consequences, but none of
these do anything to address the underlying issues.
Nor can they: as long as there are N (where my current guesstimate of N is
40 million) zombies [1] out there, and as long as NOBODY has a plan to
un-zombie them *and* keep them that way, the problem will persist.
And, as of the moment:
1. The putative/former owners of those zombies are largely unaware
of the problem; and of those few who are aware, many lack the tools
and the expertise required to solve the problem.
2. The ISPs which knowingly permit these zombies to abuse the entire
rest of the Internet have, collectively, sat on their hands for the
better part of two years while the problem has increased to epidemic
proportions. Never mind that they could have *at least* mitigated
some of the effects with simple network triage measures that could
be put into place in a week; it would seem, at least in the case of
consumer broadband ISPs (which are a major source of this problem)
that they would prefer to spend their money on marketing rather than
on engineering.
3. The OS vendor which is responsible for the widespread deployment
of the low-quality software which makes this possible has completely
failed, more than two years into its "focus on security", to even
release a rudimentary mail client which can be safely used, or to
address major deficiencies in its web browser in a timely manner.
Thus, an unceasing parade of new/newly-found security holes which
shows no signs of stopping or even slowing down ensures a plentiful
supply of fresh opportunities for attackers.
Thus: of the three entities which are clearly responsible for this problem,
nobody appears to have much interest in actually DOING something about it.
---Rsk
[1] A "zombie" is a Windows system which has been successfully hijacked
and is under the effective control of a remote attacker. Zombies are
created via spam/viruses/worms/attacks/spyware, and are used for a
variety of purposes: sending SMTP spam, hosting spammer web sites,
conducting DDoS attacks, attempting to create more zombies, etc.
"Zombie farms" represent enormous aggregate computing power and
bandwidth; in fact, some people are selling access to them in quantity
or offering to conduct DDoS attacks with them for a fee. It's difficult
to tell how many zombies are out there -- for instance, a dormant zombie
being held in reserve would be difficult to detect -- but the estimate
of 40 million is a composite based on observations and discussion with
experienced anti-spam/anti-abuse professionals. It's probably wrong;
but it's probably the right order of magnitude.