North American Network Operators Group
Re: botnets: web servers, end-systems and Vint Cerf [LONG, sorry]
On Monday 19 February 2007 13:27, you wrote:
>
> people consider this to be a Windows malware problem. I consider it to
> be an email architecture problem. We all know that you need hierarchy to
> scale networks and I submit that any email architecture without
> hierarchy is broken by design and no amount of ill-thought-out bandaids
> will fix it.

I look forward to your paper on "the end to end concept, and why it doesn't apply to email" ;)

I'm not convinced there is an email architecture problem of relevance to the discussion. People mistake a security problem for its most visible symptoms.

The SMTP-based email system has many faults, but it seems only mildly stressed under the onslaught of millions of hosts attempting to subvert it. Most of the attempts to "fix" the architecture problem so far have moved the problem from blacklisting IP addresses, to blacklisting domains, or senders, or other entities which occupy a larger potential space than the IPv4 addresses, which one can use to effectively deal with most of the symptom.

In comparison, people controlling malware botnets have demonstrated their ability to completely DDoS significant chunks of network, suggesting perhaps that other protocols are potentially more vulnerable than SMTP, or more appropriate layers to address the problem at.

We may need a trust system to deal with identity within the existing email architecture, but I see no reason why that need be hierarchical, indeed attempts to build such hierarchical systems have often failed to gather a critical mass, but peer to peer trust systems have worked fine for decades for highly sensitive types of data.

I simply don't believe the higher figures bandied about in the discussion for compromised hosts. Certainly Microsoft's malware team report a high level of trojans around, but they include things like the Jar files downloaded onto many PCs, that attempt to exploit a vulnerability that most people patched several years ago. Simply identifying that your computer downloaded (as designed), but didn't run (because it was malformed), malware, isn't an infection, or of especial interest (other than indicating something about the frequency with which webservers attempt to deliver malware).