We will not disregard this proposal of honeypots. In general, the criticism
of ideas before they are allowed to be fully developed will get us nowhere.
Brad is working on a more detailed explanation of this proposal. It does not
claim to be a silver bullet, but one tool to prevent and detect spam. If
someone would like to develop a list of countermeasures to honeypots, then
that is a meaningful exercise, but randomly throwing out one countermeasure
and claiming that we should abandon this line of thinking is absurd.
Yes, you came up with a countermeasure. This does not mean that we throw the
solution away. That means that we come up with all the countermeasures that
we can imagine. We then work on all the countercountermeasures that we can
conceive. We decide what vulnerabilites are left. We then analyze the
effectiveness of the approach given the risk associated with the remaining
vulnerabilities. The probablility or risk of a certain countermeasure
depends on the costs, effort, and time required of the attacker. This allows
us to evaluate the usefulness of the approach based on the cost of deploying
it.
Unless someone has done this analysis, then they should not shoot down
another idea on this list.
This is a research group. You do not get points for throwing stones at other
people's ideas. Every idea or approach needs a champion, if people attack
every idea then folks will be reluctant to propose their thoughts. People
that continue to make such unconstructive criticism will be asked to not
participate in this group.
-----Original Message-----
From: Chuq Von Rospach [mailto:chuqui(_at_)plaidworks(_dot_)com]
Sent: Wednesday, April 09, 2003 1:59 PM
To: Kee Hinckley
Cc: Brad Spencer; asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Whitelisting on Message-ID (Was Turing
Test ...) honey pot plug
On Wednesday, April 9, 2003, at 09:38 AM, Kee Hinckley wrote:
That's the major flaw with the honeypot solution. It deals very
poorly with evasion. As soon as honeypots become a
problem, spammers
will begin to write more sophisticated tests that try and detect
honeypots.
I posted an easy way to get around honeypots the other day -- regular
tests. Easy to do using a small array of captive accounts, hard to
catch.
Any solution that's so easy *I* can pull a way to isolate it off the
top of my head is something not worth spending energy implementing,
because it's a solution that works only because spammers haven't had
enough hassle from it to work around it. That's not even an
arms race,
that's throwing snowballs at a tank. It'd take us a lot more time and
energy to build up a honeypot system annoying enough to amek them
notice than it'll take for them to build a system to make
that honeypot
system useful only against stupid spammers.
So IMHO, it's a bad place to spend our energy, but it won't even slow
down the smart spammers, and we don't need sophisticated
tools to catch
stupid ones.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg