[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another possible remailer attack?
Steve Reid wrote:
>
> >Date: Fri, 8 Nov 1996 12:58:42 -0800
> >From: [email protected] (John Anonymous MacDonald)
> >Subject: Vulis on the remailers
> > Please, remailers, source block Vulis for a week.
> > Remailer Fan
>
> Suppose you operate an ISP and you suspect that one of your users (let's
> call him Dimitri) is using anonymous remailers to submit politically
> incorrect messages (under a pseudonym, or all with the same writing style)
> to Usenet, mailing lists, and a well-known phreak/hack publication. Also
> suppose that these public messages are appearing on a regular basis.
>
> You want to know if Dimitri is the person regularly posting these
> messages. So, you use your powers as ISP to block his access to all
> remailers. If the public messages suddenly stop then you can be reasonably
> certain that Dimitri was sending them.
>
> I expect this would work even against DC nets.
>
> The only solution I can think of is to have an account with multiple ISPs
> and always send mail from more than one account. This probably wouldn't
> offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be
> able to block traffic no matter where it comes from.
>
> Comments?
>
"Dimitri" can always telnet to smtp ports of various sites and use them
to forward his mail to remailers. If his ISP blocks him (via a router
filter, for example), then he would notice. A schizophrenic mind can
imagine a situation where USENET Cabal would try to fool him and try to
stand in the middle between him and all smtp servers, emulating their
responses, but that is not terribly feasible.
Also, some people regularly (via crontab) send anonymous email to
themselves, just in case. They would notice when they stop receiving
them.
- Igor.