
[IP] more on INTERNET ATTACKS JUMP SIGNIFICANTLY THIS YEAR



___

Dave Farber  +1 412 726 9889



...... Forwarded Message .......
From: Rich Kulawiec <rsk@xxxxxxx>
To: David Farber <dave@xxxxxxxxxx>
Cc: Tom Goltz <tgoltz@xxxxxxxxxxxxxxxxx>
Date: Wed, 22 Sep 2004 00:07:37 -0400
Subj: Re: [IP] more on INTERNET ATTACKS JUMP SIGNIFICANTLY THIS YEAR

On Tue, Sep 21, 2004 at 01:53:00PM -0400, David Farber wrote:
> If this trend continues, it's going to move from being a nuisance to a 
> major problem very, very quickly.

It already *is* a major problem: most spam (about 80%, if I average
the last several estimates I've seen) is coming from zombies.  Given
that we're now rejecting 97-98% of all incoming SMTP traffic, that's
pretty bad.

But that's hardly the end of it: those zombies are being used to conduct
all kinds of security probes/attacks (as you observed) and to launch
DDoS attacks (sometimes against security/anti-abuse resources).

Don't expect it to get any better soon.  Nobody who's in a position
to fix it is doing anything about it:

        - the users (the former owners of the zombies) either don't know,
        don't care, lack the expertise, lack the tools, practice such
        poor computing that they'll just be re-zombied (e.g. they use IE
        or Outlook), and so on.

        - the consumer broadband ISPs have steadfastly refused to admit
        that there's a problem.  Of course: if they admitted it, they
        might have to cut into their enormous profits by spending some
        money to fix it.

        - Microsoft continues to prattle about their "emphasis on security",
        but they haven't done squat.  Heck, they haven't even managed to
        release a mail client (a *mail client*, for crying out loud) that's
        safe to use.

It's pretty clear that it's time to start treating any machine whose IP
stack indicates it's running Windows as suspect.  This has already been
used for spam control, as in the very clever:

        Journal of merlyn (47)
        http://use.perl.org/~merlyn/journal/17094

and now it's time to start extending that.

---Rsk


Archives at: http://www.interesting-people.org/archives/interesting-people/