
Re: FORGED CANCELS of posts on n.a.n-a.m



>If the cancel cannot be authenticated (e.g., because the original article lacks
>the "Cancel-lock: M2" header, or the cancel lacks the "Cancel-key: M1" header
>such that H(M1)=M2), then INN should forward the unauthenticated cancel to one
>or more "collection centers" so the author of the original article may be
>notified.

So if 70% of Usenet follows this scheme, a handful of forged cancels can easily
cause meltdown.

>Each "collection center" daemon should wake up periodically (say, every hour),
>group the collected unauthenticated cancels by message-ids of the cancelled
>articles, and e-mail the (distinct) addresses (other than "[email protected]*" or
>"[email protected]*") mentioned in the "From:", "Sender:", "Authorized:", and
>"X-Cancelled-By:" headers, quoting the unauthenticated cancel and the Path's as
>seen at many different sites that forwarded the cancels. This way, if the
>unauthenticated cancel is indeed forged, its author will see within hours that
>it has been fraudulently cancelled _and_ will automatically receive enough
>"Path:" samples from all over the world to see where it was posted, by
>comparing the "Path:" headers in several forwarded copies.

I can post a handful of articles and forge the From line, and create my
own Cancel-lock headers by "rolling the dice."  I can then get their mailbox
bombed by forging cancels.  A little more complicated then "sendsys-bombing"
but not much more so.
	/r$
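
The check the quoted proposal describes (a cancel is authenticated only when H(M1)=M2), written out as an added example that is not part of the original message or of INN. The proposal does not name H or an encoding, so SHA-256 with base64 output is an assumption here, and the function names and sample articles are constructed for illustration.

```python
import base64
import hashlib
import hmac

def lock_for(key: str) -> str:
    """M2 = H(M1). H is assumed to be SHA-256, base64-encoded."""
    return base64.b64encode(hashlib.sha256(key.encode()).digest()).decode()

def parse_headers(raw: str) -> dict:
    """Header block up to the first blank line (folded headers not handled)."""
    headers = {}
    for line in raw.splitlines():
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def classify_cancel(original: str, cancel: str) -> str:
    """Apply the proposal's rule to an original article and a cancel for it."""
    lock = parse_headers(original).get("cancel-lock")
    key = parse_headers(cancel).get("cancel-key")
    if lock is None:
        return "unauthenticated: original has no Cancel-lock"
    if key is None:
        return "unauthenticated: cancel has no Cancel-key"
    # Constant-time comparison of H(M1) against M2.
    if hmac.compare_digest(lock_for(key).encode(), lock.encode()):
        return "authenticated"
    return "unauthenticated: H(M1) != M2"

# Constructed sample articles (not real traffic).
ORIGINAL = ("From: alice@example.invalid\n"
            "Message-ID: <1@example.invalid>\n"
            "Cancel-lock: " + lock_for("constructed-secret") + "\n\nbody\n")
NO_LOCK = "From: bob@example.invalid\nMessage-ID: <2@example.invalid>\n\nbody\n"
GOOD_CANCEL = "Control: cancel <1@example.invalid>\nCancel-key: constructed-secret\n\n"
WRONG_KEY = "Control: cancel <1@example.invalid>\nCancel-key: guess\n\n"
NO_KEY = "Control: cancel <1@example.invalid>\n\n"

if __name__ == "__main__":
    for cancel in (GOOD_CANCEL, WRONG_KEY, NO_KEY):
        print(classify_cancel(ORIGINAL, cancel))
    print(classify_cancel(NO_LOCK, GOOD_CANCEL))
```

An "authenticated" result only ties the cancel to whoever chose the lock value; it says nothing about the From: header of the original article, which is the gap the reply points at.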