[extropy-chat] SPAM: ISPs get serious

Eugen Leitl eugen at leitl.org
Tue Nov 4 15:55:29 UTC 2003


On Tue, Nov 04, 2003 at 07:05:07AM -0800, Robert J. Bradbury wrote:
 
> Interesting.  In Sweden, the primary ISP (Telia) will now
> start blocking internet access for systems that have been
> corrupted by trojans that are sending SPAM.

The usual half-baked knee-jerk vigilante approach. How do they know the
machines are compromised, and sending spam? There's no way to know for sure
they're compromised without hacking into the machine. Why should ISPs be
allowed that? People go to jail for this for a decade, so why shouldn't they?
So they're looking at indirect clues, such as control traffic.
How can they tell legit from known blackhat, especially if encrypted? Pattern
analysis? I just don't see ISPs throwing such expertise at petty spam
problems -- small ISPs just can't afford the security budgets. (Besides,
do you want your ISP to scrutinize *your* traffic at this
level of detail? I sure as hell don't, and I'm no blackhat.)

So that much is bogus, what about the spam claim? They're either bugging their
mailserver with a DIY Carnivore -- assuming spammers use their ISP's mail server
(thus reading your mail -- you sure you want that? -- and comparing for similar
mail getting sent out to some number of recipients -- what's the threshold for
this? how do you tell this from legit traffic, just like this mailing list?), or
looking at traffic analysis (uh-oh, snoop alert), or looking at spam
target complaints, which can be a misunderstanding (there are always false
positives in RBLs due to idiocy or malice) or a deliberate forgery trying to
shut a service down -- it's a daily occurrence with realtime blackhole
listings.

In short, it's a wrongheaded "solution", fraught with friendly fire. The only
way to kill off spam sustainably is:

1) end users use MTAs, sending out SMTP traffic themselves (ISPs' mail servers
   don't get hit, users pay for the traffic generated)
2) algorithmic (Bayesian and otherwise) and realtime user-submitted spam
   classifiers (using pattern matching algorithms derived from bioinformatics)
3) TMDA challenge (expirable token, reply required for automated whitelisting)
4) associating cost (nanograin digicash, computation) with sending mail, a la
   hashcash (this reduces the rate of mail sent out, which could be a problem
   for legit mail traffic -- use a p2p mail infrastructure for that, letting
   customer nodes amplify strongly authenticated messages)
5) redesigning SMTP (IM2000), so spammers bear the brunt of the costs.

It will take several of above measures to slowly phase out spam (just a
parasite exploiting the weakness of the original system -- you have to harden
the system to get rid of it for good).
 
> Thus one of the most liberal countries in the world is
> effectively adopting a policy that you don't get to pee
> in the public fountain.
> 
> Telia blocks computers that send spam
> http://presstjanst.telia.se/press/Article.jsp?category=81&selected=2&article=3700
> 
> Worth asking oneself -- Do you have a computer running Microsoft software
> that connects naked to the net?  (i.e. via dial-up, cable, satellite,
> etc. without going through a firewall).  If so have you installed *all* of
> the various security patches Microsoft has distributed for your O.S.?  If
> not, and you are not running very robust virus/worm detection software
> then you are part of the problem -- and are behaving in an unextropic
> fashion because you have no idea whether or not your system may be
> compromised.

The right solution for this is legal liability, and bearing full costs.
If people had FastEthernet at home, a compromised server generates several k$
worth of traffic over the weekend. That would put some serious chlorine in
the shallow end of the gene pool. 

 
> I had it happen to me (my laptop was once hijacked by some hackers
> in Eastern Europe in an attempt to win some distributed computing
> contest).  It can happen to you as well.
> 
> R.
> 
> 
> _______________________________________________
> extropy-chat mailing list
> extropy-chat at lists.extropy.org
> http://lists.extropy.org/mailman/listinfo/extropy-chat
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
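Item 4 of the post's list, attaching a computational cost to each message a la hashcash, is concrete enough to show in code. What follows is an added example, not code from the post or from the hashcash project: a minimal hashcash-v1-style stamp minter and the receiver-side check that goes with it. The recipient address alice@example.com is a constructed value, the `seen` set stands in for a real double-spend database, and the 16-bit difficulty is chosen to keep the demo fast (hashcash's customary default is 20 bits).

```python
"""Hashcash-style proof-of-work stamps for mail (added example).

Stamp layout follows hashcash v1:
    ver:bits:date:resource:ext:rand:counter
A stamp is valid when SHA-1(stamp) starts with at least `bits` zero bits.
Minting costs the sender about 2**bits hash operations on average;
verifying costs the receiver a single hash plus a double-spend lookup.
"""
import base64
import hashlib
import os
from datetime import datetime, timedelta, timezone
from typing import Optional, Set


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def stamp_bits(stamp: str) -> int:
    """Work actually present in a stamp: leading zero bits of SHA-1(stamp)."""
    return leading_zero_bits(hashlib.sha1(stamp.encode()).digest())


def utc_day(yymmdd: str) -> datetime:
    """Parse the hashcash YYMMDD date field as a UTC datetime."""
    return datetime.strptime(yymmdd, "%y%m%d").replace(tzinfo=timezone.utc)


def mint(resource: str, bits: int = 20, date: Optional[str] = None) -> str:
    """Sender side: brute-force a counter until SHA-1(stamp) has `bits` leading zeros.

    `resource` is the recipient address the stamp is bound to, so a stamp
    minted for one mailbox cannot be replayed against another.
    """
    if date is None:
        date = datetime.now(timezone.utc).strftime("%y%m%d")
    rand = base64.b64encode(os.urandom(6)).decode()  # makes every stamp unique
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if stamp_bits(stamp) >= bits:
            return stamp
        counter += 1


def verify(stamp: str, resource: str, min_bits: int, seen: Set[str],
           now: Optional[datetime] = None, max_age_days: int = 28) -> bool:
    """Receiver side. `seen` stands in for the double-spend database.

    Cheap checks (format, claimed cost, resource, date) come first; the hash
    and the double-spend lookup only run for stamps that pass them.
    """
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False
    try:
        claimed_bits = int(fields[1])
        stamp_date = utc_day(fields[2])
    except ValueError:
        return False
    if claimed_bits < min_bits or fields[3] != resource:
        return False
    if now is None:
        now = datetime.now(timezone.utc)
    # Bound the stamp's lifetime: without this a single expensive stamp could
    # be replayed forever once the double-spend database has expired it.
    if stamp_date > now + timedelta(days=2) or now - stamp_date > timedelta(days=max_age_days):
        return False
    if stamp_bits(stamp) < claimed_bits:
        return False  # claims more work than it contains
    if stamp in seen:
        return False  # replayed stamp
    seen.add(stamp)
    return True


if __name__ == "__main__":
    # 16 bits keeps the demo fast; hashcash's usual default is 20.
    s = mint("alice@example.com", bits=16)
    db: Set[str] = set()
    print(s, verify(s, "alice@example.com", 16, db))   # first use: True
    print(verify(s, "alice@example.com", 16, db))      # replay: False
```

The asymmetry is the whole point: the sender pays roughly 2**bits hashes per recipient, the receiver pays one hash and one set lookup, and the date window plus the double-spend set stop a single expensive stamp from being reused. The caveat that matters for this thread is that the trojaned home machines Telia is talking about supply exactly the CPU a spammer would need to mint stamps at scale, so per-message cost raises the price of spam rather than eliminating it, which is why the post lists it as one measure among several.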