No, it's not rhetoric. It's a statement of fact. DNS alone
doesn't solve this problem. If you want RMX to work, you need
to do one of the following:

1. patch the DNS protocol
2. patch DNS servers to keep track of multiple bogus responses
   and inform the SMTP server (what you're going to do when this
   happens is unclear. Since they're UDP and spoofable, surely
   you're not proposing that all data from that IP be dropped).
   See any IDS list for details on the hazards of automated
   filtering.
3. Add a NIDS that watches for lots of unasked-for DNS replies
   and communicates with your SMTP server.
If you're doing this much to compensate for a broken protocol,
you ought to re-evaluate the cost-benefit equation.
I agree with you that DNS hasn't been a major problem for the
internet up until now, but that's because most uses don't make
it easy for an attacker to spoof. Since an attacker doesn't
know when you're going to go to your bank's site (and therefore
do a DNS lookup), it's difficult for them to spoof a DNS reply.
This is not the case for RMX. The spammer controls the timing
of the lookup.
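An added illustration of what options 2 and 3 above amount to in practice (not code from this thread or from any RMX implementation): correlate DNS queries with replies by server and transaction ID, count replies that match no outstanding query, and hand the SMTP server a list of names whose lookups drew a flood of them. The class and function names, the window and threshold values, and the sample event list are all assumptions constructed for the example; what the SMTP server then does with a flagged name is left to it.

```python
from collections import deque

WINDOW = 60        # seconds over which unsolicited replies are counted (assumed)
THRESHOLD = 20     # unmatched replies per name in the window before flagging (assumed)

class UnsolicitedReplyMonitor:
    """Correlate DNS queries and replies by (server, txid) and flag names
    whose lookups attract replies that nobody asked for."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window, self.threshold = window, threshold
        self.outstanding = {}       # (server_ip, txid) -> (qname, sent_at)
        self.unsolicited = deque()  # (ts, qname) of replies with no matching query
        self.flagged = set()        # qnames the SMTP server should treat as untrusted

    def on_query(self, ts, server_ip, txid, qname):
        self.outstanding[(server_ip, txid)] = (qname, ts)

    def on_reply(self, ts, server_ip, txid, qname):
        pending = self.outstanding.get((server_ip, txid))
        if pending and pending[0] == qname:
            del self.outstanding[(server_ip, txid)]  # genuine answer: consume it
            return "matched"
        self.unsolicited.append((ts, qname))
        while self.unsolicited and ts - self.unsolicited[0][0] > self.window:
            self.unsolicited.popleft()               # forget replies outside the window
        burst = sum(1 for _, name in self.unsolicited if name == qname)
        if burst >= self.threshold:
            self.flagged.add(qname)                  # signal to SMTP: answer untrustworthy
        return "unsolicited"

def analyze(events, window=WINDOW, threshold=THRESHOLD):
    """events: (ts, 'Q'|'R', server_ip, txid, qname). Returns (matched, unsolicited, flagged)."""
    mon = UnsolicitedReplyMonitor(window, threshold)
    counts = {"matched": 0, "unsolicited": 0}
    for ts, kind, server_ip, txid, qname in events:
        if kind == "Q":
            mon.on_query(ts, server_ip, txid, qname)
        else:
            counts[mon.on_reply(ts, server_ip, txid, qname)] += 1
    return counts["matched"], counts["unsolicited"], mon.flagged

# Constructed sample: one clean lookup, then an RMX-style lookup for a sender
# domain that draws 25 replies carrying guessed transaction IDs, none correct.
SAMPLE_EVENTS = [
    (0.0, "Q", "192.0.2.53", 0x1A2B, "example.com"),
    (0.1, "R", "192.0.2.53", 0x1A2B, "example.com"),
    (5.0, "Q", "192.0.2.53", 0x7777, "sender.example"),
] + [(5.0 + i / 1000, "R", "192.0.2.53", 0x7000 + i, "sender.example") for i in range(25)]

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))  # (1, 25, {'sender.example'})
```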
-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker(_at_)verisign(_dot_)com]
Sent: Thursday, March 06, 2003 4:30 PM
To: Jonathan Wilkins; Hallam-Baker, Phillip; Chris Lewis; ietf anti-spam research group
Sure... But only if you add a new capability to the DNS server
to signal the SMTP server that this is occurring. Or install
a NIDS system that does the same. More infrastructure to
fix a broken system. Patches upon patches upon patches.
That is rhetoric, not an argument.
DNS has some problems; they have not been serious enough to fix till now,
but the security community always understood how to fix them.
This is an IRTF working group. The expected outcome is either proposals
to change protocols or a statement why the problem is impossible, not
worthwhile or otherwise not to be addressed.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg