Michael Hammer wrote:
In the following, I will keep in mind a scenario with 50 zombies, each
sending me mail forged to show 200 different users (randomly generated
names, like sldkjsfoiu(_at_)yahoo(_dot_)com) @ the same set of 50 different
domains
(4 random users per domain). (Ie, the zombies have the same mailing list
to send to). Assume that each of the 50 domains uses a mechanism like
shown below; Assume the the random algorithm is the same on all zombies,
and it generates the same sequence of 200 unique usernames.
Haven't had time to think about the rest of your post(s). The above
makes me step back and go Hmmmmm..... How can you call it random if
50 different hosts (zombies) come up with the same sequence of 200
unique usernames. By definition that would be nonrandom (not even
pseudorandom).
Or is there something I'm missing?
Certainly. I assume the zombies run the same piece of spamware writen by
a coder who doesn't understand "random" well.
If his code uses seed(0), then the sequence will be the same every time.
It's very hard to get "random" sequences to be truly random. The case
where seed(0) is used looks random enough when tested on one machine,
but then the "programmer" would not realize that it's only a
pseudo-random sequence.
It requires more wisdom to understand 'random' than I assumed in my example.
Anyway, if the zombie's code generated a better random sequence, the DNS
load generated would be _higher_, as there would be even fewer
chacheable queries. I did not present the worst case, just a typical case.
Greetings,
Radu.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper! http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
radu.vcf
Description: Vcard