ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] In case anyone thought Barry was exaggerating

2003-06-26 18:09:34
from [Yakov Shafranovich] [Permanent Link] 
At 07:27 PM 6/26/2003 -0400, Barry Shein wrote:



On June 26, 2003 at 11:13 research(_at_)solidmatrix(_dot_)com (Yakov 
Shafranovich) wrote:
> Well, this raises an interesting issue that I mentioned before - if a virus 
 > takes over someone's email client, lets say Outlook, and starts sending
> spam from that person's account which is legit, there isn't much we can do. 

Wait a minute, let's restate that a little more accurately:

If we can conclude that MILLIONS of PCs are PURPOSELY being infected
by viruses designed to turn them into spam delivery robots...then
there's nothing we can do?

Sure we can, for starters we can alert all interested parties that
this is underlying the spam problem and more importantly agree that
this is the real problem.

It's not the message, it's the amplification.

And the amplification is being obtained criminally and massively.

And it's only through this illegally obtained amplification is spam
the problem we see.

You've all got to stop thinking like end-users who can only see the
message on your screen and start thinking like network engineers and
ask questions like how the heck did some two-bit punk just send 100M
get rich quick spams from hundreds of different IP addresses?

And, further, would this really be much of a problem if they couldn't
do exactly that? Could Joe Chickenboner and his 386 on a 56k dialup
really send out 100M msgs from that one machine before being shut down
or at least blocked by 95% of the net? I don't think so.
[..]
In your opinion, isn't spam considering a specific case of a network abuse problem? Why is the spam problem any different from lets say a BBS user dialing in every moment and giving all other BBS users a busy signal. OR lets say in a shared-Unix system, a user grabbing too much disk space leaving not much for anyone else.
In both cases, there were mechanisms in place to catch the wrongdoers and enforce the rules. The problem with the Internet is as many people have mentioned, is that it is an open system, written by people no expecting abuse - by people who trusted each user on the network to do the right thing. As far as I understand you, what you and Eric Brunner are trying to bring to everyone's attention, is the need for similar controls on the Internet so massive network abuse can be detected early and stopped. 

Yakov






_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Economic model is borken. (sic.) Let's fix it, mathew
Next by Date:  Re: [Asrg] Consent Proposal, Yakov Shafranovich
Previous by Thread:  Re: [Asrg] In case anyone thought Barry was exaggerating, Vernon Schryver
Next by Thread:  Re: [Asrg] In case anyone thought Barry was exaggerating, Barry Shein
Indexes:  [Date] [Thread] [Top] [All Lists]