interesting-people message


Subject: [IP] more on somebody is spoofing "from dave@farber.net"




Begin forwarded message:

From: Rich Kulawiec <rsk@gsp.org>
Date: August 8, 2004 9:32:53 AM EDT
To: David Farber <dave@farber.net>
Subject: Re: [IP] somebody is spoofing "from dave@farber.net"

On Wed, Aug 04, 2004 at 07:14:32PM -0400, David Farber wrote:
> Again, it is past time to fix the spoofing (like 20 years past time)!!!!

Can't be done -- at the moment.

Oh, sure, there are proposals (like DomainKeys and SPF) on the table which
attempt to wallpaper over the problem and hide its consequences, but none of
these do anything to address the underlying issues.

Nor can they: as long as there are N (where my current guesstimate of N is
40 million) zombies [1] out there, and as long as NOBODY has a plan to
un-zombie them *and* keep them that way, the problem will persist.

And, as of the moment:

	1. The putative/former owners of those zombies are largely unaware
	of the problem; and of those few who are aware, many lack the tools
	and the expertise required to solve the problem.

	2. The ISPs which knowingly permit these zombies to abuse the entire
	rest of the Internet have, collectively, sat on their hands for the
	better part of two years while the problem has increased to epidemic
	proportions.  Never mind that they could have *at least* mitigated
	some of the effects with simple network triage measures that could
	be put into place in a week; it would seem, at least in the case of
	consumer broadband ISPs (which are a major source of this problem)
	that they would prefer to spend their money on marketing rather than
	on engineering.

	3. The OS vendor which is responsible for the widespread deployment
	of the low-quality software which makes this possible has completely
	failed, more than two years into its "focus on security", to even
	release a rudimentary mail client which can be safely used, or to
	address major deficiencies in its web browser in a timely manner.
	Thus, an unceasing parade of new/newly-found security holes which
	shows no signs of stopping or even slowing down ensures a plentiful
	supply of fresh opportunities for attackers.

Thus: of the three entities which are clearly responsible for this problem, nobody appears to have much interest in actually DOING something about it.

---Rsk

[1] A "zombie" is a Windows system which has been successfully hijacked
and is under the effective control of a remote attacker.  Zombies are
created via spam/viruses/worms/attacks/spyware, and are used for a
variety of purposes: sending SMTP spam, hosting spammer web sites,
conducting DDoS attacks, attempting to create more zombies, etc.
"Zombie farms" represent enormous aggregate computing power and
bandwidth; in fact, some people are selling access to them in quantity
or offering to conduct DDoS attacks with them for a fee.  It's difficult
to tell how many zombies are out there -- for instance, a dormant zombie
being held in reserve would be difficult to detect -- but the estimate
of 40 million is a composite based on observations and discussion with
experienced anti-spam/anti-abuse professionals.  It's probably wrong;
but it's probably the right order of magnitude.

-------------------------------------
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

