ietf-asrg

RE: pros and cons of RMX (Re: [Asrg] Declaration to the world)

2003-03-06 15:54:01
 


-----Original Message-----
From: Chris Lewis [mailto:clewis(_at_)nortelnetworks(_dot_)com] 
Sent: Thursday, March 06, 2003 1:06 PM
To: ietf anti-spam research group

wayne wrote:
A) RMX is broken, due to reliance on DNS

Even with the birthday paradox attack, the spammer will have to send
out hundreds of forged DNS packets in order to have a good chance of
getting a bogus entry into the target's DNS cache.  This is both very
detectable and it also greatly increases the amount of work that a
spammer has to do.

I've not been following this in great detail, but I'd like to comment on
this point.  It's worse than that.  It has to trick every recipient.

Yes, it does have to trick every recipient, once.  Then it's cached and
all future sends are free.  Also, since the timing is predictable this
attack is easy to carry out.

It's rather like true IP spoofing.  In some circumstances, it is indeed
possible to spoof IPs.  But since it requires flooding the MTA for each
connection with thousands of packets, it becomes totally impractical
if you're trying to spam more than a handful of recipients (even if
you're on the same network interface as AOL's MTAs).

Why is 65536 100 byte packets a lot? That's only 655k.  Why would
preceding any spamming attempt with that many bytes trouble an
attacker?  That's a fraction of the bandwidth they're using anyway
for the message content (since they're probably delivering to multiple
mailboxes on most large networks).

So, I don't think attacks on the DNS protocol are compelling. 
Subverting a DNS server is an entirely different thing.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg