What should I do?

Vernon Schryver vjs@calcite.rhyolite.com
Tue Jun 24 17:51:21 UTC 2003

> From: Paul Vixie <paul@vix.com>

> if you want dcc to be immune to inappropriate use (like testing spam
> generators against it, or monitoring spam runs through it) then you
> will need cryptoauthentic goo, since ip source addresses are a dime
> a dozen, and if someone wants to misuse the system and the only thing
> stopping them is their ip address, then they'll just get another
> connection.

Just to emphasize, I believe the outfits in question are using
their DCC clients appropriately.

I hope the DCC protocol has enough cryptoauthentic goo to exclude bad
guys.  It's the HMAC based on client-IDs and passwords.  The trouble
is that you can't turn it on without excluding anonymous DCC clients.
If you can't trust some of your anonymous clients because they're
hopping among IP address blocks to do bad things, then you can't trust
any of them and must turn off all anonymous access.

As long as the source is open, I don't see how to keep anyone
from testing spam generators where it really counts, in private.

The blacklist mechanism now in the DCC server is intended for use
against broken systems at fairly constant IP addresses.  (Speaking of
a minor case of those, does anyone know how to contact AOL to get them
to fix their firewall to accept DCC answers to their DCC requests or
to turn off their ~60K DCC NOPs/day to the public DCC servers?  I've
tried the obvious email addresses.)


] From: Stephen Misel <steve@neonova.net>

] ...
] I'd say it depends on how "blemished" their .sightings is.

How blemished is blemished?

] I think it's
] unlikely for a decent-sized ISP to have nothing in .sightings.

That's certainly true.

] ...
] How many public and private servers have addresses listed in SPEWS?
] Wouldn't it be fair to require the ISP not have any SPEWS listings to
] access the network?  If an ISP is serious about stopping spam, one would
] think they'd address internal sources first, and INBOX blocking second?

I'm not enthused about linking the DCC to SPEWS.  It's not only that
SPEWS is anonymous, SPEWS's collateral damage policy, or the persistent
misstatements of fact in the SPEWS FAQ.  It's also not my conviction
that the person behind SPEWS does not understand the nature of network
abuse, and has abused open relays for his own purposes, albeit only
for a trivial amount of unsolicited mail.  I'd be as uncomfortable
linking the DCC to the SBL.

It's not practical to keep even spammers who want to reduce their own
spam loads from using the DCC with anonymous DCC clients.  My real
question is whether operators of the more than 150 DCC servers in the
global network would feel uncomfortable with a direct or indirect
flooding peer with a less than perfect history, and how much
imperfection would trigger discomfort.  If anywhere, that question
should be addressed on the DCC-servers mailing list.  I raised it here
because many DCC server operators are not subscribers. 
See https://www.rhyolite.com/mailman/listinfo/dcc-servers

For anyone who subscribes to the other list but not this, I'll send
a blind copy of this to the other list.  Please excuse the duplicate
copies that will arrive in some mailboxes.

Vernon Schryver    vjs@rhyolite.com
