[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
On Thursday 03 July 2003 00:07, you wrote: > > Which made me think that one might send a stream of spoofed > > "unique log ID references" back to the bastards concerned, > > devaluing their lists of "live" email addresses. > > How? exactly? You'd have to be able to match the spoof ID to a > listed email address The enemy has done that for us, by sending an ID to an address ... more below ... > and presumably therefore know the > workings of the script that the spammer uses to generate the > ID. That is a significant cryptographic challenge, but I wouldn't rule out people finding it entertaining to tackle. There are a _lot_ of cribs available, since we already have the technical and social means to collect large numbers of spam emails into one place, this would be a service added to teh spam black holes and collaborative filters, not something run by only one site. > False ID's would just be dumped by the script upon > receipt. > The generation and verification of the ID takes no more than 4 > - 12 lines of Perl (depending on how hard you want to mask the > original 'seed' data) which would take so little time on a > server that you would find it hard to measure, so bombarding > the (usually web) server with invalid spoofs isn't exactly > going to register as a DoS. I bow to your knowledge on the time involved. _Valid_ spoofs though would have the effect I described. The usefulness of the attack depends on the number of valid spoofs that can be created. > I have used this seed masking in Perl and the only real way to > crack it is the same way as any substitutional cypher - you > need to get hold of a lot of identical messages sent to > various email accounts, all using the same cypher pattern AND > hit it before the cypher pattern changes again. Whilst the > pattern is in use, A is always g etc. but the next pattern > changes A to decipher as r and so on. I think that quantity can safely be assumed. > Unlike the Enigma codes, there's no weak point of sending the > cypher pattern to a receiver because with spam ID's the > receiver (the one who needs to validate / decipher the ID) IS > the sender (the one who generated the ID) - a closed loop > cypher. As the cypher pattern does not need to be revealed to > anyone except the sender, each cypher has to be cracked from > scratch every time the pattern changes. Initial settings. But in spam the volume is very much greater than Enigma traffic. > Sounds like more work than is required. Use SpamAssassin and > install Razor too, then the spam can be reported as verified > and spam filters all over the internet can be updated. If it can't economically be done - automated - then it is not useful, but it atracts me asa way of striking back, and at the business quality rather than just the volume of business. -- From the Linux desktops of Dr Adrian Midgley http://www.defoam.net/ -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.