
RE: The utilitiy of IP is at stake here

2003-05-30 12:28:56

What is demonstrated is that given the incentive, there was sufficient
information in this case to track down the offender in a relatively short
time span.

There is a significant difference between spam and this example. Making a
bomb threat is a felony AND an activity which gets immediate attention
from law enforcement. The existence of a bomb threat will also encourage
the immediate cooperation of the intermediate entities. There are
relatively few such threats to pursue. The perpetrator also sounded
pretty inexperienced in terms of the facilities they used to obscure their
identity.

It is highly unlikely that unsolicited bulk email will ever receive this
degree of attention or the coordinated attack to track down a verifiable
origin.

My security gurus tell me that spoofing IP addresses well enough to open
a TCP/IP is not difficult.  If that is correct, then reliance on
knowledge of origin IP address won't stand up over the long haul.

There is a small operation in the ether that periodically offers to
introduce me to eastern women wishing to meet western men. There is no
obvious commercial operation, the pictures provided are not generally
offensive. At some point I got curious trying to figure out the value
proposition. What I've observed is that the domain name changes frequently
and the IP address it translates to changes almost as often. My guess is
that the folks running this 'service' are pirating internet connectivity
and get shut down when discovered. Sometimes a few days. Sometimes a couple
of weeks. If my presumption of service pirating is correct, this serves as
an existence proof that IP addresses can't be relied on to identify the
source of future spam.

Dave Morris

On Fri, 30 May 2003, Dean Anderson wrote:

Well, John has not been insulted.

You seem to take issue with section:

=================
This problem was fixed around 1993. It is not possible
to send anonymous email through an open relay. (you still hear
this from radical antispammers, though).

If sufficient logging information is maintained, it is not
possible to send mail through a relay (open or not) without
identifying the IP address of the sender (that statement was
true before and after the changes you identify as "around
1993").  Getting from that IP address to identification of the
individual sender --which is what you presumably mean by "not
anonymous"-- is more or less difficult and more or less
expensive, depending on a number of other circumstances.   In
some cases --and, again, if one believes that people's time has
any value-- the practical costs of identifying an individual far
exceed any possible value in doing so.  In some others, it may
be nearly impossible.   For example, there is a well-known Asian
country in which most of the dialup services appear to be
freenets, with widely-available dialup numbers and passwords
shared among, I believe, literally millions of people.  The mail
relays on those systems have no way to determine which user is
originating a piece of mail, the user's IP address is of no
help, and a system receiving mail from one of those relays can
only identify the relay host.  That is a pretty good
approximation to anonymity in my book.

This is just nonsense.  Obviously, you have no operational experience.
=================

It is nonsense because "sufficient logging information" has no bearing on
whether it is possible to send email through an (open or not) relay without
identifying the IP address of the sender. This IP address is in the
'Received:' header, and cannot be altered or removed by the sender.

It is nonsense because the prior anonymity of a user because of shared
passwords by an Asian dialup has no bearing on whether open relays are
anonymous. The property of a user's anonymity isn't changed by SMTP, as is
wrongly asserted. It is irrelevant whether an ISP in Asia doesn't have
accounting records for their users and shares passwords.

So, my statement is correct.  It is nonsense.

And John has obviously never been involved in a Law Enforcement request.
But I have.  Private emails to him seem to confirm this, or at least he
didn't indicate anything to the contrary.  While he may have been working
on SMTP protocols for 30 years, he obviously hasn't been involved in
tracking abuse of various sorts, and has no idea of whether this is
expensive or difficult.

Here is a Law Enforcement request I can relate:  Shortly after Genuity
took their national VOIP service into production, some kid used a
customer's free PC-to-phone service to phone in a bomb threat to a school.
Law Enforcement called the phone company, which traced the PSTN call back
to a CLEC. A call to the CLEC identified Genuity. Genuity operations staff
called me, because they were still somewhat untrained with the integrated
Radius/accounting system for which I was a significant contributing
engineer. They knew how to keep it running, but did not know the queries
to find certain kinds of information.

I explained how to get what they needed to know. They quickly identified an
IP address belonging to a Genuity (retail VOIP) customer. That customer
used a gateway to relay the call from their customer to Genuity. I believe
that they then got a call from Law Enforcement, and they then identified a
residential ISP, which then identified the original user. Who was quickly
arrested.

This all happened fairly quickly. It is not expensive, as John wrongly
seems to think. And the process has nothing whatsoever to do with SMTP.
In the case of an open relay abuse, the IP of the abuser is quickly and
easily found*. More easily than in the case above.

*Unless of course, they have an ISP that doesn't keep track of
users--which isn't a fault of open relay.  As was pointed out to John,
SMTP AUTH doesn't alter this situation in the least.


On Fri, 30 May 2003, Tomson Eric (Yahoo.fr) wrote:

Anthony,

First, I sent my mail to the list to make public apologies for the public
insult made to John on this list.

Second, the objective of this mail was not to discredit Dean (despite his
insults), but to apologize vis-à-vis John (because of the insults made to
him).
Read my mail a bit closer, and you will discover that the main idea was not
defamation but apologies.

Finally, I said that I spoke "in the name of every honest and decent
contributor to this list".
So tell me how I should consider the fact that you don't feel concerned...

E.T.

P.S.: this having been said as a "droit de réponse", you are free to
continue this conversation privately, off the list...

-----Original Message-----
From: owner-ietf(_at_)ietf(_dot_)org 
[mailto:owner-ietf(_at_)ietf(_dot_)org] On Behalf Of Anthony
Atkielski
Sent: vendredi 30 mai 2003 9:14
To: IETF Discussion
Subject: Re: The utilitiy of IP is at stake here


John,

If you are speaking only to John, why do you send your message to an entire
list?

Since I don't think Dean "Troll" Anderson will do
it, I would like to apologize, in the name of every
honest and decent contributor to this list, for the
insults made against someone that was so deeply
involved in the development of SMTP and MIME, and
whose contribution, reputation, and experience earned
him the Internet Architecture Board's chair.

Your attempt to discredit someone else on the list is transparently obvious.
Why not just state your disagreement with him and leave it at that, instead
of embarking on a smear campaign?

I feel so sorry to see how dishonest and indecent
one can be with those who contributed to design and
build the Internet and all related technologies
and protocols.

See above.  A rather poor attempt to disguise defamation as nobility.

Perhaps you should simply speak for yourself, instead of presuming to speak
for others, particularly when the latter is really only a platform for
actions of questionable merit?










_______________________________________________
This message was passed through 
ietf_censored(_at_)carmen(_dot_)ipv6(_dot_)cselt(_dot_)it, which is a sublist 
of ietf(_at_)ietf(_dot_)org(_dot_) Not all messages are passed. Decisions on 
what to pass are made solely by Raffaele D'Albenzio.
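
An added example, not part of any message in this thread: the disagreement above turns on which `Received:` lines a recipient can rely on. The sketch reads a constructed message newest-first and returns the last peer IP stamped by a relay the recipient trusts; the host names, the `TRUSTED` set and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample. Assumption: mx.example.org and relay.example.net are
# hosts we trust; the oldest Received line was supplied by the sender.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.example.org with ESMTP id A1; Fri, 30 May 2003 12:00:02 -0700
Received: from mail.forged.example (unknown [203.0.113.77])
\tby relay.example.net with SMTP id B2; Fri, 30 May 2003 12:00:01 -0700
Received: from innocent.example.com (innocent.example.com [198.51.100.9])
\tby mail.forged.example with SMTP id C3; Fri, 30 May 2003 11:59:00 -0700
From: someone@example.com
Subject: constructed test message

body
"""

TRUSTED = {"mx.example.org", "relay.example.net"}  # hypothetical trust list

# "from <helo> (<rdns> [<ip>]) by <host>", a common MTA layout.
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return the Received hops newest-first as dicts: helo, rdns, ip, by."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def last_verifiable_peer(raw, trusted=TRUSTED):
    """Walk newest-first and stop at the first stamp not made by a trusted
    host; everything older could have been typed in by the sender."""
    peer = None
    for hop in parse_hops(raw):
        if hop["by"] not in trusted:
            break
        peer = hop["ip"]  # address the trusted host saw on the connection
    return peer
```

The returned address is the peer that connected to the trusted relay; mapping it to a person depends on the records kept by whoever operates that address.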




