Re: e2e2007-08-15 12:17:54On Aug 14, 2007, at 10:59 PM, Lakshminath Dondeti wrote: In any event, exploring one of your examples with the concepts in the paper in mind (perhaps I am using a verbatim application of the concepts) that the network may filter some (and that being the keyword) malware or suspicious traffic based on certain parameters is fine; but the point is that in the end, an application may have to determine what it accepts as legitimate traffic based on its own criteria. Email junk filtering comes to mind as an example. Trying to map that to one of the statements from the paper: "For the data communication system to go out of its way to be an extraordinary filter does not reduce the burden on the application program to filter as well." In some sense it does reduce it, i.e., for most apps or users, the functionality provided by the network may be sufficient, but we get the idea. Entities in the data communication system :), say the mail servers, do some filtering, but different email applications utilize different techniques to get the job done and some are adaptive based on user input etc. I know there are efforts to do more and more in the mail servers, but the email applications are also getting more sophisticated over time. in that context, here's one that one could use to dramatically reduce spam intake. There are companies that sell reputation services for things that send email. At one point I looked at the gigahunks of email stored on my laptop, and found that there were less than 700 predecessors to the first Cisco email hop (less than 700 systems outside Cisco that sent email to to fred(_at_)cisco(_dot_)com) in my non-junk inboxes for 2003- present, but in the 30 days prior to my checking there were nearly 5000 predecessors represented in my junk box. The overlap? 25 systems - likely from misclassified messages. That suggests a simple approach - in one's firewall, null route the addresses reported by the reputation service as spam spews. It's a network layer solution to an application layer problem, yes, and it has all of the issues that reputation services have, and btw, you still want to run spamassasin-or-whatever on what comes through. Cisco IT tells me that it results in a dramatic reduction in spam, however, and saves them serious numbers of monetary units. The communication system isn't being a filter, properly speaking - it is simply routing some traffic to black holes using standard routing technology. And it doesn't relieve the application of the burden of filtering. But it can help reduce the volume of crapola at the application. _______________________________________________ Ietf mailing list Ietf(_at_)ietf(_dot_)org https://www1.ietf.org/mailman/listinfo/ietf
|
|
||||||