On Wed, Feb 25, 2004 at 11:53:13AM -0600, wayne wrote:
|
| * C-ID has "hashedPuzzle" and "allETPSigned" mentioned in their XML
| schema, but they aren't documented anywhere.
|
The related CSRI document may shed more light on the above.
Download it at: http://spf.pobox.com/caller-id/
I have deep doubts about the feasibility of hash-cash systems.
They seem to assume that spammers rent a half dozen boxes at a
colocation center and spam from there. That may have been true
in 1998 but today most spam comes from zombied broadband machines.
This discussion comes from another mailing list I'm on.
From someone at AOL:
|
| AOL sees 60-70% of our spam coming from 50-100 ISPs today (mostly
| broadband). We have done queries to see how many IP addresses on those
| networks are generating spam and relaying it through the SMTP servers of
| that ISP to us (fyi, we block the direct connections to us in most every
| case now).
|
| What we have found is that for every million spams we receive, we see a
| few 100 compromised hosts spewing it. So I would guess that today, right
| now, there are about 10,000 to 50,000 PCs that are infected and actively
| spamming AOL currently.
|
| So although AOL is blocking 10's of millions of IP addresses for having
| spammed in the past (complaints and volume to prove it), perhaps a lot
| of these are dynamic and/or should have been expired by now. Perhaps if
| we unblocked these, some would start spamming again, but not all 50 million.
|
| One last data point:
|
| When mydoom came out, AOL started tracking some 2-3 million new hosts
| that were sending us mail that had never sent us mail before. These all
| had very poor complaint:volume ratios.
|
| Conclusion:
|
| So if you look at the data, perhaps a realistic number is several
| million compromised hosts...perhaps as high as 10 million, but likely
| not that high. Several million for sure though :-)
|
From someone at Yahoo:
It's kinda of a flippant statement, but in our presentations we
suggest that the spammers have access to much more compute power than
the combined capability of the top 25 supercomputers.
From someone else:
| Ballpark, back of the envelope figures, mostly made up for entertainment
| purposes:
|
| The world's third-fastest super computer is composed of 1100 Apple PowerMac
G5
| Towers (in process of converting to more space-efficient G5 xServes).
| Presuming that on any given day a single spammer has access to 20 times that
| number of computers at an average of 60% of the capability of a
| dual-processor G5 Mac. This means that a single spammer has control of a
| distributed computing network of 22000 machines with the processing speed 12
| times greater than the #3 supercomputer or 123.36TFlops (roughly 3.44 times
| the speed of the world's fastest supercomputer).
|
| Now in an ideal approximation, each spammer has his or her own network of
| exploited machines, so it's a simple matter of multiplying by the number of
| spammers. However, we know this is not the case. Let's assume that each
| spammer shares his computing resources 50%, so that only half of his machines
| are unique to him. The others are distributed evenly between the remaining
| spammers. Presume exactly 200 spammers (it's more than that, but this is a
| back of the envelope calculation, and 200 will account for most spam).
| That's 2.2 million compromised hosts, 12,336TFlops, or 344 times the world's
| most powerful supercomputer.
|
| Here are the variables so that others may play with them:
|
| Computing Power of a single Windows-based PC (PowerMac G5 = 1) = .6
| Total number of computers per spammer = 22000
| Overlap of exploted computers = 50%
| Total number of spammers = 200
|
| Overlap of exploits and the total number of spammers probably correlate quite
| closely. More spammers means greater overlap, and fewer means less.
| Computing power is a guess, nothing more, as is the total number of exploited
| machines per spammer.
|
| At even a fraction of this computing power, spammers could easily form an
| unbeatable distributed computing network. If they're smart they'll turn
| calculating the hash-cash over to this system and be able to burn through it
| like lightning. Let's say a spammer converts half his available exploited
| machines over to calculating hashes. That's 1.72 or so Earth Simulators.
| The rest (another 1.72 Earth Simulators) send spam. Overlap with other
| spammers (think time-share) cuts his efficiency by half on both sets of
| systems. He's still got the computing power of 1.72 Earth simulators (split
| .86/.86 for each project). How expensive is that hash-cash going to have to
| be again?
|
| Even smarter spammers will pool their computing resources for calculating
| hashes. Let's say all 200 spammers decide to dedicate 1/4 of the compromised
| hosts to calculating hashes. 550,000 hosts computing hashes, 1.65 million
| spam-senders.
|
| This is scaring me, and I dearly hope I'm wrong. The one good point against
| all the above is that the figures are largely made up. However, the real
| numbers are likely to be just as frightening.
|