IBM to offer service to bounce unwanted e-mail back to the computers that sent them
http://money.cnn.com/2005/03/22/technology/ibm_spam/

And I thought they knew better by now that a hijacked windows pc won't accept mail. I still consider it silly to absorb the sender's bandwidth like this (and all transits' bandwidth until someone is smart enough to put a filter up).

-andreas
--
Andreas Ott andreas@naund.org
* Andreas Ott:
http://money.cnn.com/2005/03/22/technology/ibm_spam/
And I thought they knew better by now that a hijacked windows pc won't accept mail. [...]
The CNN article tries to describe IBM's proposed system, but fails badly. IBM's description is available at:

<http://www.alphaworks.ibm.com/tech/fairuce>

It doesn't seem too bad, as long as you don't use it for blocking email. The C/R part is, of course, an unfortunate mistake.
The better idea would be to fingerprint the spam to match the bot used to match the exploit used to run the bot to then reverse exploit back to the exploited machine patching in the process. I managed to set up such a system a while ago with nimda traffic however I could not find a software tool which exploited a nimda exploited machine which could then patch it and remove the virus (i.e. a remote doctor without you knowing :)

Colin Johnston
* Colin Johnston:
The better idea would be to fingerprint the spam to match the bot used to match the exploit used to run the bot to then reverse exploit back to the exploited machine patching in the process.
Doesn't work reliably. A lot of bots close the attack vector they used, to prevent infection by just another bot. There's also a lot of cross-infection behind packet filters, which stop the same attack from the Internet.
Why even bother responding. Just imagine frontbridge (using them as an example, I have no affiliation with them) responding to each and every spam they block... something like 7 terabytes of data per week or so. I guess this is one way to justify more bandwidth :-)

regards,
/virendra

Colin Johnston wrote:
| The better idea would be to fingerprint the spam to match the bot used to match
| the exploit used to run the bot to then reverse exploit back to the
| exploited machine patching in the process.
| I managed to set up such a system a while ago with nimda traffic however I
| could not find a software tool which exploited a nimda exploited machine
| which could then patch it and remove the virus
| (i.e. a remote doctor without you knowing :)
|
| Colin Johnston
On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote:
If this write-up is accurate, then this is incredibly stupid in multiple ways and on multiple levels. I *hope* that this is just a misperception based on poor writing and that nobody at IBM is actually seriously contemplating something that's simultaneously useless and abusive.

---Rsk
participants (5)
- Andreas Ott
- Colin Johnston
- Florian Weimer
- Rich Kulawiec
- Vicky Rode