ietf-asrg

RE: [Asrg] SICS

2004-12-21 19:02:29

-----Original Message-----
From: william(at)elan.net [mailto:william(_at_)elan(_dot_)net]
Sent: Tuesday, December 21, 2004 8:38 PM
To: Hannigan, Martin
Cc: ASRG list
Subject: RE: [Asrg] SICS



On Tue, 21 Dec 2004, Hannigan, Martin wrote:

The ISPs cooperate. Going after the zombies is, for the
most part, an ineffective approach to the situation.

I'm not talking about a reactive approach - I'm talking about prevention of
this in the first place. All that is necessary is that ISPs agree to share
in a standard way a list of hosts they believe to be responsible enough to
freely participate in SMTP transactions on their own. This cuts down the list
of possible zombie targets to very few machines run by users who are
already likely to have a security mechanism that prevents their system from
being taken over.

It'll never happen. What's happening here is that email is
becoming over complicated and the operational expense is increasing
as a result - without (m)any results.


Search and destroy of the controllers is more effective i.e.
1 controller = 100K downed bots. (example)
There's a ton of work going on behind the scenes.

It is certainly good that this is going on, I've been involved in a couple
of these "search and destroy" missions myself. But this is all work after
the fact when we should be trying to research ways to prevent the occurrence

There is work being done on prevention. How about if MS could
bundle AV into the operating system (free)?

of the problem in the first place. In other words, would you prefer to
face the possibility of being sick with smallpox rather than the world
having chosen to immunize everyone against it some time ago, which
effectively got rid of the problem?

Great analogies, but we're talking about bits and nobody cares
about the plague anymore. If you shift the focus onto operational
expense, capital expense, revenue, etc., it might make more sense.

Trying to at least add some on-topic (about spam), the botnets
technically do NOT spam. They sell their zombies and the spammer
usually spams from a host located right here in the USA. The headers
are rewritten so that host is hidden, but it's there. Florida seems
to be the big place to hide-spam from lately.

The solution has to go up high in the network, near the
NSPs. At the exchanges. I have no idea what that solution is.

Best,

-M<


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
