Re: Is the list down?




> Duncan Frissell <[email protected]> writes:
> Looks like we had a little denial of service attack from you know who.

Actually, I don't -- I can think of two likely suspects... of course, they
could be tentacles of each other, but the styles don't match.

> Everyone was unsubscribed.

I guess that means forging a message from each of us; when I first tried
subscribing, it wouldn't accept my subscription from mycroft.rand.org for
my mail address of rand.org without human intervention, so the attacker
couldn't do it from his own account without forging.  I just did an
experiment verifying that "Reply-to" is honored by Majordomo, which
would explain why I didn't get acked for the unsubscribe on Saturday.

Cooperative anarchy works only when people can be either motivated
or coerced into being cooperative.  As the net keeps increasing
exponentially the probability of sucking in a critical mass of loonies
increases along with it.  As with public key cryptography, it takes only
a linear increase in loonies to seriously interfere with the exponentially
increasing (relatively) sane population.

Well... countermeasures.  Majordomo could require its subscriptions signed
with a valid public key (PGP or RIPEM) with the public key in the signed
body, and process future transactions for that individual only if they're
signed.  That's still open to a spam attack, though, where the attacker
can subscribe 30 variations of (say) Jim Gillogly's address with different
public keys constructed just for that, and Gillogly wouldn't be able to
send the right unsubscriptions.

Hurm.

	Jim Gillogly
	Mersday, 18 Thrimidge S.R. 1994, 16:09
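
The signed-subscription countermeasure from the message above, as an added example (not part of the original message and not Majordomo code). Ed25519 from Go's standard library stands in for PGP or RIPEM; the request format, type names and sample address are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Request is a list command signed over "command address" (hypothetical format).
type Request struct {
	Command, Address string
	PubKey           ed25519.PublicKey
	Sig              []byte
}

// List binds each subscribed address to the key that subscribed it.
type List map[string]ed25519.PublicKey

// NewKey makes a fresh Ed25519 key pair (stand-in for a PGP/RIPEM key).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// Sign builds a request that carries the signer's public key.
func Sign(cmd, addr string, pub ed25519.PublicKey, priv ed25519.PrivateKey) Request {
	return Request{cmd, addr, pub, ed25519.Sign(priv, []byte(cmd+" "+addr))}
}

// Handle checks the signature, then enforces the address-to-key binding.
func (l List) Handle(r Request) error {
	msg := []byte(r.Command + " " + r.Address)
	if len(r.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(r.PubKey, msg, r.Sig) {
		return fmt.Errorf("bad signature on %q", r.Command)
	}
	switch bound, ok := l[r.Address]; {
	case r.Command == "subscribe" && !ok:
		l[r.Address] = r.PubKey
	case r.Command == "unsubscribe" && ok && bound.Equal(r.PubKey):
		delete(l, r.Address)
	default:
		return fmt.Errorf("rejected %q for %s", r.Command, r.Address)
	}
	return nil
}

func main() {
	pub, priv := NewKey()
	fmt.Println(List{}.Handle(Sign("subscribe", "jim@example.org", pub, priv))) // constructed address
}
```

An unsubscribe for a bound address is accepted only when signed by the key that subscribed it, so a forged From or Reply-To header alone no longer removes anyone. The same binding means an address variant subscribed under someone else's key cannot be removed with the real owner's key, which is the gap the message points out.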