This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
- Previous message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
- Next message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richard Clayton
richard at highwayman.com
Fri May 1 02:58:42 CEST 2020
In message <DB7PR10MB215431CFDAB4554CBF6F9E85D6AA0 at DB7PR10MB2154.EURPRD1 0.PROD.OUTLOOK.COM>, Elad Cohen <elad at netstyle.io> writes > if I will have the honor of being > elected to the Ripe Board I will [...] > At the source BGP router, for any ip packet with a source address > that is from the network of the source BGP router (lets call it > original ip packet) - the source BGP router will create a new ip > packet (lets call it tracking ip packet) with a new transport layer > protocol and with the same source address and with the same > destination address and with the same IP-ID such as the original ip > packet. etc this appears to be a technically inferior adaptation of a 20 year old proposal from Steve Bellovin https://academiccommons.columbia.edu/doi/10.7916/D8FF406R it got zero traction then because it treats the issue as technical rather a complex security economics issue. Nothing, in my view, has changed in twenty years. > Automatic prventation of IoT botnet infections: > > - IoT botnets are based on default credentials, only some of them -- many exploit unpatched insecure protocol implementations > Automatic prventation of botnet C&C ip addresses: > > - Botnets C&C are also a problem in the internet. > - This problem can be overcome using the following technical > addition: the 5 RIR's will operate end-users honeypots machines all > over the world you should keep up with my academic work on detecting honeypots (we found around 3000)... yes they are valuable, no they are not a panacea (and they are mainly poorly deployed... and we also found that many were not patched up-to-date [shoemaker's children?]) > Very soon I will post a single solution to all the following > problems: (implementation is fast and easy and I'll be very happy > to manage the implementation in case I will be elected to the Ripe > Board) > * Spoofed ip traffic > * Spoofed amplification ddos attacks > * BGP&RIR hijacking > * IoT botnet infections > * Botnet C&Cs I'm disappointed that you aren't solving the spam problem as well -- Dr Richard Clayton <richard.clayton at cl.cam.ac.uk> Director, Cambridge Cybercrime Centre mobile: +44 (0)7887 794090 Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 185 bytes Desc: not available URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200501/bfcce481/attachment.sig>
- Previous message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
- Next message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]