ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] [Asr?g] Legal side track

2003-04-17 10:34:55
from [John Fenley] [Permanent Link] 
From: waltdnes(_at_)waltdnes(_dot_)org
To: ASRG list <asrg(_at_)ietf(_dot_)org>
Subject: Re: [Asrg] [Asr?g] Legal side track
Date: Wed, 16 Apr 2003 22:12:18 -0400

On Tue, Apr 15, 2003 at 08:03:43PM -0600, John Fenley wrote
> >From: waltdnes(_at_)waltdnes(_dot_)org

> >  In plain English, this is an ugly/dirty war, and if you insist on
> >using Marquis of Queensbury rules against a dirty opponent who doesn't,
> >you will end up losing the war.  I don't want to lose the war.
>
> Fighting cleanly is the only way to truly win.
>
> There are only 3 flaws I can find in my "clean" system now.
>
> 1. Spoofed addresses
> Spoofing addresses will only work if the spoofed address has a large
> subscriber list. That will be tough to deal with.

> 3. resistance to Challenge/Response(which i don't see as a problem)
> Once people get used to it, it will be like second nature.

  The *ONLY* way it'll work will be as a pseudo-reject at the SMTP
stage, e.g. a "950 Challenge: blah, blah, blah" message, which will be
seen by legitimate senders, and replied to.  If it's at the MUA level,
then innocent 3rd parties will get mailbombed.  Think orders of
magnitude in excess of...
> Mar 29 04:09:20 manson filt-smtpd[15474]: DENYMAIL: (tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) [217.199.183.18] 
[repeated many times]

A user of my system would never even know this sort of thing was happening.
A ddos of this sort would then become another benefit to adopting the system. 




  For real shits and giggles...

  - Spammer somewhere on the net sends a spam "From:" a forged address
    of joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com to 
john(_dot_)smith(_at_)foobar(_dot_)invalid
  - john(_dot_)smith(_at_)foobar(_dot_)invalid uses challenge/response.  His 
MUA sees a
    non-whitelisted "From:" address and sends a challenge to
    joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com
  - joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com  uses challenge/response.  
His MUA sees a
    non-whitelisted "From:" address and sends a challenge to
    john(_dot_)smith(_at_)foobar(_dot_)invalid
  - john(_dot_)smith(_at_)foobar(_dot_)invalid challenges 
joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com
  - joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com  challenges 
john(_dot_)smith(_at_)foobar(_dot_)invalid
  - ...do you see the problem here ?


http://www.pontifier.com/challenge.html
As writen(not updated since the 10th though i need to) my system is not suseptible to this sort of infinite loop. 

See "when a message arrives:"
#3 Check the sender against the list of sent tests. If there is no previous test pending completion go to #4 If there is a pending test, store the message for delivery upon test completion. end 

John Fenley

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] Legal Suggestions ...., Eric D. Williams
Next by Date:  Re: [Asrg] [Asr?g] Legal side track, John Fenley
Previous by Thread:  Re: [Asrg] [Asr?g] Legal side track, waltdnes
Next by Thread:  Re: [Asrg] [Asr?g] Legal side track, John Fenley
Indexes:  [Date] [Thread] [Top] [All Lists]