
Re: [Asrg] About that e-postage draft [POSTAGE]

2009-02-13 09:21:34
Rich Kulawiec <rsk(_at_)gsp(_dot_)org> wrote:
On Thu, Feb 12, 2009 at 09:58:41PM -0000, John Levine wrote:

Indeed.  Now beef some of them up with some realistic estimates of
transactions costs, and the costs of dealing with screwed up and
fraudulent transactions.

Along those same lines, such an estimate must take into account a
minimum of 100M botted hosts, and correspondingly, a minimum of 100M
compromised sets of email credentials. [1]

   Reasonable numbers...

[1] These estimates may be much too small to reflect reality; for
    example, a compromise of my system would eventually expose over
    30 sets of such credentials, each picked up in turn as it was
    used. Personally, I think "250m" and "1.5B" are probably more
    realistic numbers.

   Can I deal with those estimates separately?

Thus, such an estimate must be able to cope gracefully with the case
where (say) 1M systems simultaneously (or nearly so) present the same
token to (say) 100K mail systems -- and must do so without permitting
an effective DoS on the transaction processor.

   I take "simultaneously" to mean "within one second".

   First, from the "bank's" viewpoint: it receives 100K requests to
redeem, at worst; credits one and refuses the rest. All 100K get charged
a transaction fee.

   From the receiving MTAs' viewpoint: each starts an SMTP session,
requests postage (probably in differing amounts) and gets a token.
Since the sending MTA is on a suspected-bot blocklist, it either
presents the token as quickly as possible (in hopes of being the first
to present), or tarpits long enough to see whether the IP address
shows up on a confirmed-evil-bot blocklist.

   Remember, presentation of a bad token is a much clearer indication
of evil intent: a few dozen should suffice for blocklisting. It's
quite practical to blocklist 100 million IPs, at which point the
problem will start to disappear. Computers blocklisted this way will
pretty much be forced into going through a relay MTA with which they
have a contractual relationship -- which removes the problem from
the "botted-MTA" territory.

(And note that, modulo the token, this is a routine occurrence. It
could reasonably be expected to become more so if abusers found it
effective.)

   Agreed.

--
John Leslie <john(_at_)jlc(_dot_)net>
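The redemption and blocklisting behaviour discussed in this message, as an added toy model that is not part of the thread or of any e-postage draft: the "bank" credits a token to the first presenter only and charges every presenter a fee, and a receiving MTA stops contacting the bank about a sender once that sender has presented a few dozen bad tokens. The unit fee, the threshold of 24, the token format and the simulation shape (bots replaying one stolen token to several receivers) are assumptions.

```python
import secrets
from collections import Counter

TRANSACTION_FEE = 1        # assumed: flat fee charged per redemption attempt
BAD_TOKEN_THRESHOLD = 24   # assumed: "a few dozen" bad presentations earns a blocklist entry

class Bank:  # the "bank": credits a token once, charges every presenter a fee
    def __init__(self):
        self.unspent = set()     # issued, not yet redeemed
        self.fees = Counter()    # receiver -> fees charged

    def issue(self):
        token = secrets.token_hex(16)   # opaque random token (assumed format)
        self.unspent.add(token)
        return token

    def redeem(self, token, receiver):
        self.fees[receiver] += TRANSACTION_FEE   # charged whether or not it succeeds
        if token in self.unspent:                # O(1) set lookup per request
            self.unspent.remove(token)           # first presenter wins
            return True
        return False

class ReceivingMTA:  # redeems tokens at the bank, blocklists repeat offenders
    def __init__(self, bank, name):
        self.bank, self.name = bank, name
        self.bad = Counter()     # sender IP -> bad tokens presented so far
        self.blocklist = set()

    def accept(self, sender_ip, token):
        if sender_ip in self.blocklist:
            return "blocked"     # no bank round trip, so no fee and no load
        if self.bank.redeem(token, self.name):
            return "accepted"
        self.bad[sender_ip] += 1
        if self.bad[sender_ip] >= BAD_TOKEN_THRESHOLD:
            self.blocklist.add(sender_ip)
        return "refused"

def simulate_replay(n_receivers, n_bots, msgs_per_bot):
    """Every bot replays one stolen token in msgs_per_bot messages to each receiver."""
    bank = Bank()
    token = bank.issue()
    receivers = [ReceivingMTA(bank, f"mx{i}") for i in range(n_receivers)]
    outcomes = Counter()
    for mta in receivers:
        for b in range(n_bots):
            for _ in range(msgs_per_bot):
                outcomes[mta.accept(f"bot-{b}", token)] += 1
    return outcomes, sum(bank.fees.values()), receivers
```

With 2 receivers, 3 bots and 30 messages per bot, exactly one presentation is credited, the bank charges 145 fees, and every bot ends up on every receiver's blocklist, after which its remaining messages never reach the bank at all.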