On Thursday 19 October 2006 06:39, Jo Rhett took the opportunity to say:
> Magnus Holmgren wrote:
> > OK, the attacker might have 100 zombies on different ISPs, with each
> > ISP's smarthost helping amplify the attack a bit. But does that really
> > count? The servers making the callouts aren't the ones which are
> > amplifying.
>
> You really don't have to deal with spam at your day job, do you?  100?
> 100?  What is this, 1991?

No, it's an example. I was only after the relative numbers.

> Modern trojan systems run in the multi-thousand PER ISP.  Then there are
> roughly half a million open relays in China and Korea alone.
>
> Finding places to submit mail spam for you is trivial if all you have to
> do is get to RCPT TO, not get it delivered.
>
> So with your army of bot-machines and open relays, you start delivering
> all over the planet with a single forged envelope sender.

Of course. That wasn't the question. The question was whether servers doing 
callouts would help a deliberate attack against a particular network by 
providing amplification.

(Mark Perkel wrote:
> If someone had the bandwidth to cause a denial of service
> through sender verification they could do it more easily by just
> attacking the target directly.)

Spammers nonetheless might, and do, choose an adversary's address as sender 
and get the blowback against him as an extra bonus.

> Yes, it isn't a problem today.  But if everyone turned on sender
> authentication, it would be.  Instantly.

I can agree with that. If everyone turned on sender verification it would 
force spammers to use valid sender addresses, which they can easily do, 
making the verification useless. Unless everyone also uses means to force the 
spammers to use their own addresses.

-- 
Magnus Holmgren        [EMAIL PROTECTED]
                       (No Cc of list mail needed, thanks)
