Paul Judge wrote:
This is the Inventory of Problems document that was originally started by
Liudvikas Bukys. I've made some changes based on feedback from others and
myself. I thought that I sent this to the list after I sent the list of work
items, but I could not find it to refer to it. Liudvikas will resume
ownership of this document.
Evading accountability
- forging envelope sender
- forging From header
Add (in addition to HELO), forged Received lines, mailer masquerading.
Exploitation of weak systems
- exploit open smtp relay
- exploit insecure web services (cgi formmail)
- exploit open proxies (HTTP CONNECT, HTTP)
And SOCKS. Wingates. Etc.
Especially Jeem-like spam trojans.
Aggressive database generation
- directory harvesting (web, LDAP)
- name guessing & probing
Heh, just got scanned for 5.2 million addresses in one day.
Fraud & Crime
- Nigerian 419
- eBay password/credit card theft
- payPal password/credit card theft
Child porn. Sexual harrassment in the workplace. "call via muldovia
dialers". "open window on close" unkillables. Browser reconfig attacks.
Identity theft. Domain theft. IPaddr theft (aka IP hijacking, aka
"zombie blocks")
Forged spam blowback (ie: overloading)
Reputation damage due to forgeries.
Insecure system overloading.
"chill factor" affecting economics.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg