Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
-----BEGIN PGP SIGNED MESSAGE----- Somebody, too clever for their own good by half, has come up with a novel way of using Usenet and anonymous remailers to perpetrate mailbombs. The M.O. is to post a message to the naked-lady newsgroups saying "get pics in your mailbox! send this message to this address!), giving the email address of a cypherpunk-style anonymous remailer and including a pgp-encrypted message block. Thousands of horny net geeks will send in the message; some of them will even follow instructions correctly so the remailer forwards the message to its intended target. The result is that the target will be mailbombed -- and the remailer operator can't stop the abuse by blocking the abuser's address, because it's coming from all over the net. There is *no* chance that this is legitimate. The remailer discards the original message header. There is no way for the recipient to know who sent the email message. Cypherpunks: is there any way to respond to, or prevent, this sort of attack short of actually shutting down the remailer? What comes to my mind is the remailer operator grepping for a character string of ASCII-armored cyphertext from the known attack message and throwing messages containing it into the bit-bucket. It is highly unlikely that this would appear in any message except the attack message. The problem with this is that it works only for a known attack message -- it can shut down an ongoing attack, but it can't prevent new ones. I am including the widely-crossposted attack message below, including headers. Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick@netcom.com for more info and PGP public key
Xref: netcom.com alt.sex:292849 alt.sex.wizards:44144 alt.sex.magazines:11634 alt.binaries.pictures.erotica:364153 alt.binaries.pictures.erotica.blondes:48686 alt.binaries.pictures.erotica.female:130066 alt.sex.movies:91249 alt.sex.pictures:98757 Newsgroups: alt.sex,alt.sex.wizards,alt.sex.magazines,alt.binaries.pictures.erotica,alt.binaries.pictures.erotica.blondes,alt.binaries.pictures.erotica.female,alt.sex.movies,alt.sex.pictures Path: netcom.com!ix.netcom.com!howland.reston.ans.net!news.sprintlink.net!nuclear.microserve.net!luzskru.cpcnet.com!www-39-190 From: luzskru@cpcnet.com (luzskru) Subject: Get Penthouse and Playboy pics on your mail box!! Message-ID: <1b7cc$12a26.20@luzskru.cpcnet.com> Date: Thu, 11 Jan 1996 18:10:37 GMT Organization: http://www.cpcnet.com/~luzskru/home.htm X-Newsreader: News Xpress Version 1.0 Beta #4 Lines: 119
Follow these instructions. 1) paste everything between the -------- into the body of your message. Be sure to leave the first line blank and include everything including the :: 2) Send the message to homer@rahul.net 3) as the subject, specify playboy or penthouse and the month. 4) if you don't get the file within a few hours, then send it again and be sure that you didn't do something wrong. Here is the message:
---------------------------------------------------------
:: Encrypted: pgp
-----BEGIN PGP MESSAGE----- Version: 2.6.2i
hIwDuhnKCI5qH1EBBACCHVVFVfrX6fQ9QzUFVe8aCb+2g1M71Utg1ZJKGrq1S16v 0q/H8RvBa4bpg1RCx6IjhScaHqW66uubAUY1GOlzvWiMW4xw+3kEcO7lep8crvH0 +/YXe6S2jlIUjMW7FncoFSrBIumrPXygkXHtkTjStvJiBdXyXlmgahyl9nlaNKYA ABGCfXDZs31NP39/YeJmyP7M+edjKsKpTs8A9tW58Fm45Nlr/wStSsRsteTy/lQu +O5Hft36bsci8B8Y4gsSLlZ71a1GLvBhSOx5qfXIOStAaLZobfbPYd+WWJMiIXcv dGhl6SOoyUo5xc6ty7/Z4/vvxtOtndJMz7acsEk2pFQX8WNpBZRg+WRBOlTAKPDW vQhnowKeIna8wq8FfOJFQzdM3uxgYBeoqRc6dRGlB8+V+aOicAtZHdRgTjH4hgAk QF8W1lXDYc6OJZn3cR4WcoCYQnrGYLyFCEF/eU4umrFaCjs2HAql/ygBoK1AAloi BE2HSeKI+gh6DXwbR3Ub9FWkMGr8t3S2AHe4FzbJlIrnJEvSQUcihro+aCG/wGr4 0KyvfZuuBgKX7XiSEnZeoO+UcF9yBlnvy7FhNT7skmjZ79JH0aCnSgSE0u9Ta/Dw WGQT8nIz7Ex7T4sObGtKgSk2Ari86a+qM4McTBpelKmXIQLoivyuEW1r0OsRUJdA 1iwk2ILNL2Sn6/cHQaZKnGCSasWqxlM3cDcfit6M2y/3Jryj4fh29B2rYY+A8fP1 VU8uwFZ5whOBw7TcoS2dAoqOBOEYKz3pItCAxTMZ8UN1qu0EGXuBxSLLbNQtRShN oGddR2jlv43Js07rumdMGUazTiAUUY27Pb1w3V9dcvL3YALFjtEB2Keg9A4foyaf o1Krbxg/dMTVVcXuneP0ayhg3QGRlks5Gr+jGhTYUfrn9WetyI9nXeqzpvcwtXbc GkxHpQboQNeWiRkhkbmnBvbT/IseehBcC7NsyP9P6K/XxY02ebimFo51xpxM4Bsy MjMo1N/e9mvPuh1mzpbQwzuba9udM5Np2E9h7PKXO9F0PbMiLW1LMZ7lqfh4FHQO vhV/FwjkhTtCc/+T4ZNgpYcJ7PwM9s8JKxNWB73AFkTKBx4gQNDnhHNty77YunYU Rj8vUgiSRb+1hPejecxcfNAr5g3TAM/mJuVLg5njCkr3o2fuL4wGF5lz/GZ2l3sE sOs+BDQhZcefX4MOq7Ys60rAMvNizzQUo4H5aIdYzT4MYfw+4xPjOLcaHvzAYU7M WbeFoLdm7nC+//3ah5e1Bkk6POKUb6SnCJnUa/JyLV7+2PLo+YkwnokkSrB61bUf 7blbc91VSjaQ+wsUwBoVHu2RRg9QCtxTQKDilKG3oYISnnA1LaOhMfFVm1XKm7Oe 540eeJu7MGT+kLKjLe+UF1TDrZG7r9v/WK2SgTbliTvDzhj0dBhJ1MoDZxhx+h3m GM/kyqyV8YcTpBC8ePmzYE+j8gMTakihRslWPZn2SxT18leerbyMsyplyXdAowdW HXhTNuoolLJQPFpu9gK4kbr7U6KVdHPbUDDw+0km6pcJ8qWR4kCUD3Y8aMNfzggh VxuCqbdJdfYL8YzS3Z0PknzorgdvuWR/BXAkf/Jh9+zTNRgLu5TnueA6Ae68uIqp VDU0cetrD7ys5Wb+rq6Tg1WRgkpyg2iWdxdFpVb3w9zvdtV4MvfbVG8ckY1qYrAY wZgJOdWHtCW37UWXXgHWTrifsjNLeKVSSSrOIDzsxbI0wuwTadFRG/4Ci7A0K/C8 2lGs+gluHw6iTV0uSwxyZXr3JQR7R1VH4zb3sjDDd5X6YmR2OwThT934G49W4Afa 3F1gv4M5/9JVKTdRJGYPfYwDTbtfPHMWgj33rtsBbILBZ4HBJKoBDCygJfZzO6Jm fbUOqzB9+rPQLbD0DcxOoUyVtynWr9xG2M/WbvzjN+y28/YAQLrNvkppxA4psjNQ j/jS3od7HY1BWRvBGOgybrnovK9+ZbphLHHZzx+WcuG4ngtYriETlr5ZhlznT6Hv 5+vCJjIZHwp7x+sscxbYsSgyrtzi+nam1kiljLowN+avbaA/Xt3K7zymMAVbFq3T cM6Q4Gq07wAZkbmu69tCR41sdha7hWF9NM9DHAiOgdDknxljgKyHBcdKDOSsyzsU Ow9fdjMlna45i0AoZ4YsFfGC8SFhnMrLGAu1f6RVlWIpt/avWtEdJ3VYCe7ZwYw8 wtKHLMS3pSVrMNx3OuiQFykMs/TpBOGIdtR1AWqSRroE/SlxRtJWQjNt1yX24plZ +MMASvIbi8wJPrxwCOiNI5EBg+3UFdcxnOvdt6Da0ElO22ucr9qiu2E246QCSyDT j9jWAyRdxlevI1+O1OPqMO6LOGHL9pLw6FdsEKmpT49kWXYCIrxvSO25sq1ilIaH 0IiTs0FkWUxMaiwS8owhX0KVNGPJgl0RdAzsTIMf28AjN16Ex1d/Z7tjUy3AKgxq 7t6yaaot9sCIV2u5JD4DPnhG9pQ0gVPUTHbs/ImNA634Q/QK+mJTcFI+yweIaLCP Rk5kECvk9UBS1wLUSy//EotQ7XMJOq0/Vadwh9vMGE36yJcgB9kUAAl7HMvxLZsC ZgOiMqSNr5O8H0ulj1hqqaklR8xj1Dln9AVWsrh3gJP7NUiMrh0jnTWaHKGATDZ1 5wWiRTB5YqteRn7TW1R6+v/u9SHVriiQIvoL0ZtnZZzgZAsaJcGThPgWuyciB7ff HIqsjtul3EFr9Fm2rhTiVAnW7E6HFq2buLrQixImImDyygtCI5/LXsQvsANVjg1m qMZdBdOkc6Da6w0BXIgb14T1+O0uxnxAAxCDp93xmv/tsthW2mtYhESECTV93ph1 pk+JegBEN37ivX5054tIVJfD+aVkDXXnN2KM/GhqzOdGJEhZHcWFqQ7RNCiTk9n5 T/hF1FNcrf1mBIuM8U+tpyslhU4tOuHj4MTrbNA+zVNUHI0yhekLW89WwoIsDGCV boA6B5qirvM+PZOniXyzFqUaEGGAEkIizt9UFvaJ50sn9OcVxTeirHQPrkjVPGWh MXk8eBNzDmnO+/kWFLc9oOLmUiOmQDhboOtiHYMEaGNRxWw4i82XJi1fULSuj0s5 YjdSnH+He5oawpnnR3CzkVOrJkXxJTEaKUhe0i0lrkYi5YTnsCkpz/dHC4n6dEyT id1//eRfWqianNmyzbzkY89kUJu7XUn0iZPQhJgLCkx7JFLK2W/g4krgMkmQZc/L C0gxWH5ZCJvutuZrDtFXFk9z3oxSEDyaxqSjVn5lxjHc28jrHLLDC0FZWNklrOWl dK9Hjhh8aBWwsjcjKs71ibRs05Fmg6dxgR0K6UZm872WGgHUEwR1co4B9ArP1qVd U64v3Izm8ojVM4tgFx3z4QFyitoaNhkdlf+Q+rdUaIgoQHLl+9orISFZrItLwCKn gXtPrHwNRVcHs6hM9mxNjONufRhRMZUBpaeHhrNLMV9Coy9LROHFYbr0mT8+oyIh 7PrAlDQE6nuaC11NVlkh22bCRyR1ExsJSQrbrsvsFePm3JMxMEcVSXSyxNZqLTkA ueJtoW++RybT8VFe5w7DrPvKRVK5c23Ko081pBFfK2pWW5gYmnO61I1K+UOdZDET uvoXfPQ66aB4LsEo7iTwc7tcko2SMbjBgIp1rXKSCHpJkH1WBdKcALZnDTnvPwp2 mjpQlfy/OvHssjE+dNiWobHE8ymSzw1sOMAWNlEUCWNw0mGicO2XsnuG9AcN35oX b5qpmqCNn83r9B5a+d5jKlJzHcIFSjHryrudHRgUY+VilxsoIzPKKpkhcqKrNA+N GAl/tWA+oYBp/vhRQv0bqxMIYBSdrUKN52SNPIXmnDzAociBobnpcnr8zXEk7ITo rQJObrYbMOh1meqDcNLt0+6gKhFwiGGQmuxAakR6NgfE9SKFciQXE1bDCF3/YaAA 5V8YKA4Oe1z4AA5eRQiWJ7A1FbfJtxcl2ABcseyx2zHCPZv0a2zulqgyThhdMLNa 6gbxg1nr2W6QlbYH43gU3eJrvunDBDTGpWBKwSBAnO15Pscia0CLWJ2P/j4hLyyU 1nnswmdGaxluv/sSwwAR8OEWfj/lkQXrm1RPKyoFTifeFitmIOGtal2T3pf/NuR3 lXE1u+z3T0LZPrZ7n3/k4xyKaD2H5vhtV8Dj+UhHbyqlxYE+E0s1JGhhSE8rbydx +uFCk7MiQ4Y4QzUB+IomQDjK1U1FLKyTkFF6LihKXWbufvvDiGo8k61KsO5ebUAW gAV9t0wGBD5oQHBa+92qyrkmK/5QIzXbUSRUpHpmM4geP6wiS/wRock4DT5Y8RFE e8tlU365TbaYD+n1B87IZvggd6+i+tgszK6U7EslePOVOq+eJkgHtEHwqXMsC9BY +mMjGK9IgDSl8o3eYR2aCC2ZPRc7FXCvkQyGoBvmbjKZC30JwrfRSnbhz8JeLO/2 9yBHGS+YDmLkzV2yr8d8u5AD0NI3bhDYvH6T0P3PK6rV27ITi7Pp6rzWRJDag2MO cObv4YfGbopQ4j02NNy7KBq2xlcApPFvudCdHcVBdeKjaRBWvPei94Oy7/B8xazN jZDcMuOogNEaE+zGbjSlnhp4P1lHILY7NcgoFzgF9bhb46k6RZRXnt/mlzYpNMAw o3Ch6yJJNIQQx8c0Kka11ZPD4qVUCw8M85cFPVqhTOHQyao6q12exbT7WsZExzQn AnOjHffkChpECDyhGcFlRkS20t9kgTxoaD/1z22i8jFZOX3BoHaRSJM0FxC620JE cYxm7w3V1z9k1e4SfriI1rbLFZywYHyCglnV45pe4wkzRvw7OGdwtHYx56351m5j GX5Ls+J1KHrZQPH3Gb6iiZEXT/Hndhm/JRsQqxi6mgf3/zBwZyqnC8nenRjIwKhN x8eDG3jldBEFAjg1je4BQ1KoSKtqrRNPwg2FRW9D9ozGIxLn9cgjLyRWBwH3+J/P v6OLiqpcufeTr3nABb58y51qpiXT65lpFLnsw5Wj9vX2nkneDB88l54ZmrH6e6Z1 pSloilRAhzdWoXksUCSdxNXL7cH0ps0yGF9GWmUP3BaFv0q2YuV4Cfq3RF6zXO4e /ANPVO3j/pl4rk8cmKOJHWPBMgV5pkdUt29I/dcCSI/z9yZlYJZ7PSac0Tn3kyg7 23/IYhTSPx4JIq+VqT4sgOIdPjxBpJqKX7BMGQqecynonS+isIwgbSP/J2cNUhp0 0N7VDfei4kVjU4sJaOdNi1zO4/nLk+rfZiyR1WP3o59b35JoKq3Vdln2Jubt7PMW B6Ilmu6xVZj2QfhL1zGvY2C55uBcuqiIpKvmdgR8WAsvmtSPxSLE2ScanXUD1At0 2ej4+gr7K16pWLwLIcQ40B4BurxsZI+80kfUnx/LZjRLzc9Cdtw6b1VVhPp3qn9g yv352SccnDbP3yzcprJuSWQbHd9BeGcoHJsy5rKtdS5LiAuRGZ02EJ3RAJAwUMwK k430fYjY3ZX6giwKkpHunB9z59PQiGtI8s4OA0sEK+MuHWp8htbBP5kJddsP4k1G VFUQDcvsvjWQoJnCVEbvE7kPYf00AeRLGm7vM7TQTdDkoRfCii35G5wYS1dVY3nc luEu3b8aNwjXwH9Bh0aLXQIQVjvdpvr0/zUJ5hAi/YyZnYVqIsWkbWo8/i8Pw9jb BdElQ9yU9RIYDPrqBSKi5gLoOts7YYnZbWLAKWylm5Hbn6imJ/qbhPi7Buy0h5dA S/68ux55oW7FXc+rEfpjf0zBsrvxmT0SDu40S3l25SMUEO4A8oCB2sJgXafWE2Ea RssohLtRar4x8VCFpcGPbNio2muTT9VwaQG9KHygOfH3i69VcuC6db18uah0b80O WrXMeqK5M88JwjfJKe36kqPvLZD5llPeM7Sqj0wxUaKmnPW6ClXHm+mYeP+21BIY AOtDh1Lxg3R+rob8J/OtA3U9TtHT4aSnafRNrxDT5sm3PKx8ajnR3fe0jLo4mgdi Z1sLLK1wh9j21R4hy6XvrIOFCDqpbSR6KDCerYJyo371kd1mkpJKwdlsBIl5G4bN Q6nbNKsVWpHTdF24zHNh+GZgiY4Q98HcSp2PeFa4vetVlYmV48Uf8tncEukox0pK XIpWrirDXI+90zyVAwhKtjbNlC2a =TKgw -----END PGP MESSAGE-----
------------------------------------------------------------------------------ Include everthing between the ------------------------------- and you will get the pictures in your mail box.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMPayLeVevBgtmhnpAQGKxgL9H4WsKLnIJAXGm5s1XPwWkRKsTHj2Ewhm sPVDYt697wflpqXy69oL4k8Jk/GUswuPcbO6/3zyeUGetm1hkVxrVCJSlW5sapQV tIT2MSZi1uz3Wwfn52uajm0d7ebF9bx3 =yoZx -----END PGP SIGNATURE-----
I did an AltaVista search for "luzskru" and found it on a list of known open NNTP sites. They're almost certainly blameless. The list, btw, is http://dana.ucc.nau.edu/~jwa/open-sites.html Cc'd to the guy who generates that list. In case he doesn't know, cypherpunks is browseable at news://nntp.hks.net/hks.lists.cypherpunks -rich
On Fri, 12 Jan 1996 10:55:12 -0800, you wrote:
Cypherpunks: is there any way to respond to, or prevent, this sort of attack short of actually shutting down the remailer?
Yes, very simply. The remailer could calculate a hash for the body of each encrypted message received (the same portion which will be decrypted by PGP), tabulate the last few thousand hashes, and simply discard any messages with a duplicate hash. The target of the attack would receive only the first copy of the message.
The remailer could calculate a hash for the body of each encrypted message received (the same portion which will be decrypted by PGP), tabulate the last few thousand hashes, and simply discard any messages with a duplicate hash. The target of the attack would receive only the first copy of the message.
That wouldn't keep the mailer from getting choked up pretty quickly, though, especially if it's on the end of a < T1 line. -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 214/993-3935 voicemail/digital pager 800/558-3408 SkyPager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi "Past the wounds of childhood, past the fallen dreams and the broken families, through the hurt and the loss and the agony only the night ever hears, is a waiting soul. Patient, permanent, abundant, it opens its infinite heart and asks only one thing of you ... 'Remember who it is you really are.'" -- "Losing Your Mind", Karen Alexander and Rick Boyes
On Fri, 12 Jan 1996, Alan Bostick wrote:
Somebody, too clever for their own good by half, has come up with a novel way of using Usenet and anonymous remailers to perpetrate mailbombs. The M.O. is to post a message to the naked-lady newsgroups saying "get pics in your mailbox! send this message to this address!), giving the email address of a cypherpunk-style anonymous remailer and including a pgp-encrypted message block.
Yuck. Unless someone comes forward to say that they were the target of this attack, I'd guess that the target is the remailer network itself.
Xref: netcom.com alt.sex:292849 alt.sex.wizards:44144 alt.sex.magazines:11634 alt.binaries.pictures.erotica:364153 alt.binaries.pictures.erotica.blondes:48686 alt.binaries.pictures.erotica.female:130066 alt.sex.movies:91249 alt.sex.pictures:98757 Newsgroups: alt.sex,alt.sex.wizards,alt.sex.magazines,alt.binaries.pictures.erotica,alt.binaries.pictures.erotica.blondes,alt.binaries.pictures.erotica.female,alt.sex.movies,alt.sex.pictures Path: netcom.com!ix.netcom.com!howland.reston.ans.net!news.sprintlink.net!nuclear.microserve.net!luzskru.cpcnet.com!www-39-190 From: luzskru@cpcnet.com (luzskru) Subject: Get Penthouse and Playboy pics on your mail box!! Message-ID: <1b7cc$12a26.20@luzskru.cpcnet.com> Date: Thu, 11 Jan 1996 18:10:37 GMT Organization: http://www.cpcnet.com/~luzskru/home.htm X-Newsreader: News Xpress Version 1.0 Beta #4 Lines: 119
This article is still on nntp.stanford.edu. I've issued a cancel. Sites far removed from stanford.edu should consider doing the same. luzskru@cpcnet.com, of course, doesn't exist, *BUT* there is a luzskru.cpcnet.com in the DNS. And while every other port seems to be closed, there is an open NNTP port. N:~> telnet luzskru.cpcnet.com nntp Trying 198.70.185.5... Connected to luzskru.cpcnet.com. Escape character is '^]'. 200 luzskru.cpcnet.com NNS server version X2.06 ready - posting allowed quit 205 closing connection - goodbye Connection closed by foreign host. postmaster@cpcnet.com is probably a victim of this, but he should still be flayed with a wet noodle for letting this happen. -rich
Rich Graves writes:
On Fri, 12 Jan 1996, Alan Bostick wrote:
Somebody, too clever for their own good by half, has come up with a novel way of using Usenet and anonymous remailers to perpetrate mailbombs. The M.O. is to post a message to the naked-lady newsgroups saying "get pics in your mailbox! send this message to this address!), giving the email address of a cypherpunk-style anonymous remailer and including a pgp-encrypted message block.
Yuck.
Unless someone comes forward to say that they were the target of this attack, I'd guess that the target is the remailer network itself.
The target, Homer Wilson Smith, is one of the people embroiled in the Scientology wars. I don't want to get into the recent history of repression and abuse by Scientology agents & sympathizers, but my guess is that this is an attempt to harass someone that Scientology doesn't like. They (Scientology) have shown a remarkable ability to grasp both the technical details and social implications of the Internet and use them to harass ex "church" members and people who say things that they don't like. The "church" undoubtably hates remailers because so many of their critics post anonymously through them. But as they discovered with Usenet news, the same technology can be used to harass those critics. I think we'll see more ingenous attacks like this, using CP-tech in perverted ways to harass people. Annoying for sure, but helpful in a way- they'll help debug the technology. Like cipherpunks hacking Netscape, in the end it just makes it stronger. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
On Fri, 12 Jan 1996 22:25:53 GMT, I wrote:
The remailer could calculate a hash for the body of each encrypted message received (the same portion which will be decrypted by PGP), tabulate the last few thousand hashes, and simply discard any messages with a duplicate hash. The target of the attack would receive only the first copy of the message.
To refine this a bit further, the hash need not cover the entire message. It could be sped up a bit by restricting it to the header containing the encrypted session key. Since the session key is selected randomly, that header (and its hash) should be unique for every message. The hash values could also be retained for a fixed period of time -- perhaps 23 hours -- following the most recent receipt of a given hash. Thus a message could be repeated by the legitimate sender after a delay of 24 hours, and would be forwarded. The original sender could re-encrypt the message (thus changing its hash) earlier than that, and it would be properly forwarded. A canned message on the other hand, being sent from multiple locations, would likely be received more often than this and not forwarded after the first time, even if each sender only sent it once a day. You could even penalize messages for which you've received massive dupes, by extending the hash retention time by, say, 12 hours for each dupe received. If you got a message 100 times in one day, you'd refuse to forward any duplicates for nearly 2 months. This would take care of those on vacation at the time of the original attack, and those with very slow news feeds.
Some remailers (read: Mixmaster) include a destination.block capability. The target can be taught about mail filters. The target can ask the remailer op to remove the particular alias, after verifying that he receives mail sent to it. Too clever by half solutions such as ZKP would work, as would the remailer-op sending an arbitrary message encrypted to the complainer to the address in question. If the complainer gets the message, either he's sniffing well, mucking with the DNS, or is the intended recipient of the nym server. Adam Alan Bostick wrote: | Thousands of horny net geeks will send in the message; some of them | will even follow instructions correctly so the remailer forwards the | message to its intended target. The result is that the target will | be mailbombed -- and the remailer operator can't stop the abuse by | blocking the abuser's address, because it's coming from all over the | net. | Cypherpunks: is there any way to respond to, or prevent, this sort of | attack short of actually shutting down the remailer? -- "It is seldom that liberty of any kind is lost all at once." -Hume
-----BEGIN PGP SIGNED MESSAGE----- regarding remailer spams: one way to prevent this sort of spamming is to put a cap on the number of messages that can be delivered to a given address. of course, an exception will have to be made for instances of chaining so that the number of messages allowed to be forwarded to another remailer is not limited. i'm trying to think of a scenario where this would not be a good thing. i suppose if somone was conducting an anonymous poll their address should not have a limit. i'm sure there are problems with a mesg quota system, but it does seem like an easy solution. - -pjf patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA! ** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO! zifi runs LINUX 1.3.56 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by mkpgp1.6, a Pine/PGP interface. iQCVAwUBMPbLOE3Qo/lG0AH5AQHJWgQAmvlOnHIAiWZz3Dw/czAeKEeylCTUVxRi BFTwFPbwTR2QtwcLfDpw5+Ym/Qss2jx1MVoVJuTbjx4D7GGitSdYSWN6TuAapUdr oeFPo5+EuIwAT77luwYWa9gXYN36IZlWuzYgdbjkMorxz0UwSn4Y8U1fnaAmTh1e GwZhC5+tcZw= =bzmC -----END PGP SIGNATURE-----
On Fri, 12 Jan 1996, zinc wrote:
-----BEGIN PGP SIGNED MESSAGE-----
regarding remailer spams:
one way to prevent this sort of spamming is to put a cap on the number of messages that can be delivered to a given address. of course, an exception will have to be made for instances of chaining so that the number of messages allowed to be forwarded to another remailer is not limited.
i'm trying to think of a scenario where this would not be a good thing. i suppose if somone was conducting an anonymous poll their address should not have a limit.
i'm sure there are problems with a mesg quota system, but it does seem like an easy solution.
Unrelated legitimate messages may arrive after the 'limit ' has been reached. Jay Holovacs <holovacs@ios.com> PGP Key fingerprint = AC 29 C8 7A E4 2D 07 27 AE CA 99 4A F6 59 87 90 (KEY id 1024/80E4AA05) email me for key
-----BEGIN PGP SIGNED MESSAGE----- On Fri, 12 Jan 1996, Jay Holovacs wrote:
Date: Fri, 12 Jan 1996 21:31:27 -0500 (EST) From: Jay Holovacs <holovacs@styx.ios.com> To: zinc <zinc@zifi.genetics.utah.edu> Cc: Alan Bostick <abostick@netcom.com>, cypherpunks@toad.com Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
On Fri, 12 Jan 1996, zinc wrote:
regarding remailer spams:
one way to prevent this sort of spamming is to put a cap on the number of messages that can be delivered to a given address. of course, an exception will have to be made for instances of chaining so that the number of messages allowed to be forwarded to another remailer is not limited.
i'm trying to think of a scenario where this would not be a good thing. i suppose if somone was conducting an anonymous poll their address should not have a limit.
i'm sure there are problems with a mesg quota system, but it does seem like an easy solution.
Unrelated legitimate messages may arrive after the 'limit ' has been reached.
i realize this is an obvious problem. although this is a weakness, i'm not sure it would really matter. if a person was going to be doing something on the net they expected would generate a lot of anon traffic they could notifiy the remailer operators. this has other weaknesses related to forgeries but there's only so much that can be done... obviously this is not going to be an easy problem to solve. - -pjf patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA! ** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO! zifi runs LINUX 1.3.56 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by mkpgp1.6, a Pine/PGP interface. iQCVAwUBMPcejU3Qo/lG0AH5AQEteQP/Ss6/bPyii2WW/2Z1qJG+J+sDAfI1RAuU zKpnS6pCPGaoF/Hn4YYDwyG6ut168KP536Q+fQDTV0yPuTKxT1pjO2+vqY8XeOmA Mj/D8cOEN6dMPThp8Tgd93/wJKRE1+lW70YkXAybMtISMe3ulrOVCXyNcAGAhpQj f35BKt2km3g= =PeFd -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- If "digital postage" is ever implemented, this sort of distributed-origin mailbomb-through-a-remailer would be stopped immediately. All the messages that the horny net geeks send would necessarily contain the same postage stamp, and the remailer would notice this right away -- and throw away messages containing the used postage stamp. One more motivation for e$-like digital postage for remailers. - -- Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick@netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMPcY++VevBgtmhnpAQE4NQL/WOEumDEZL+EoJYjhg7ELHTIwoT0rEK/y dnvui3eJhUONPPBE3Dk/2kCc43ZlCxReo3Dizdf3CuGv9ypIiG/qYC1n3Gl1StM+ 2rKS3S0LMUrN9GrguTUwzL6Wy055XGG9 =mjFR -----END PGP SIGNATURE-----
participants (8)
-
abostick@netcom.com -
Adam Shostack -
Ed Carp [khijol SysAdmin] -
Eric Murray -
Jay Holovacs -
lull@acm.org -
Rich Graves -
zinc