wayne wrote:
A) RMX is broken, due to reliance on DNS
Even with the birthday paradox attack, the spammer will have to send
out hundreds of forged DNS packets in order to have a good chance of
getting a bogus entry the target's DNS cache. This is both very
detectable and it also greatly increases the amount of work that a
spammer has to do.
I've not been following this in great detail, but I'd like to comment on
this point. It's worse than that. It has to trick every recipient.
It's rather like true IP spoofing. In some circumstances, it is indeed
possible to spoof IPs. But since it requires flooding the MTA for each
connection with thousands of packets, it becomes totally impractical
if you're trying to spam more than a handful of recipients (even if
you're on the same network interface as AOL's MTAs).
So, I don't think attacks on the DNS protocol are compelling.
Subverting a DNS server is an entirely different thing.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg