<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<div>
<div>
<div style="direction: ltr;">Vernon Schryver’s FUSSP is still relevant since what, 2000 or so?</div>
</div>
<div><br>
</div>
<div class="ms-outlook-ios-signature">
<div style="direction: ltr;">--srs</div>
</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Richard Clayton <richard@highwayman.com><br>
<b>Sent:</b> Friday, May 1, 2020 6:28:42 AM<br>
<b>To:</b> anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net><br>
<b>Subject:</b> Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">In message <DB7PR10MB215431CFDAB4554CBF6F9E85D6AA0@DB7PR10MB2154.EURPRD1<br>
0.PROD.OUTLOOK.COM>, Elad Cohen <elad@netstyle.io> writes<br>
<br>
> if I will have the honor of being <br>
> elected to the Ripe Board I will<br>
<br>
[...]<br>
<br>
> At the source BGP router, for any ip packet with a source address <br>
> that is from the network of the source BGP router (lets call it <br>
> original ip packet) - the source BGP router will create a new ip <br>
> packet (lets call it tracking ip packet) with a new transport layer <br>
> protocol and with the same source address and with the same <br>
> destination address and with the same IP-ID such as the original ip <br>
> packet.<br>
<br>
etc<br>
<br>
this appears to be a technically inferior adaptation of a 20 year old<br>
proposal from Steve Bellovin<br>
<br>
<a href="https://academiccommons.columbia.edu/doi/10.7916/D8FF406R">https://academiccommons.columbia.edu/doi/10.7916/D8FF406R</a><br>
<br>
it got zero traction then because it treats the issue as technical<br>
rather a complex security economics issue. Nothing, in my view, has<br>
changed in twenty years.<br>
<br>
> Automatic prventation of IoT botnet infections:<br>
><br>
> - IoT botnets are based on default credentials,<br>
<br>
only some of them -- many exploit unpatched insecure protocol<br>
implementations<br>
<br>
> Automatic prventation of botnet C&C ip addresses:<br>
><br>
> - Botnets C&C are also a problem in the internet.<br>
> - This problem can be overcome using the following technical <br>
> addition: the 5 RIR's will operate end-users honeypots machines all <br>
> over the world <br>
<br>
you should keep up with my academic work on detecting honeypots (we<br>
found around 3000)... yes they are valuable, no they are not a panacea<br>
(and they are mainly poorly deployed... and we also found that many were<br>
not patched up-to-date [shoemaker's children?])<br>
<br>
> Very soon I will post a single solution to all the following <br>
> problems: (implementation is fast and easy and I'll be very happy <br>
> to manage the implementation in case I will be elected to the Ripe <br>
> Board)<br>
> * Spoofed ip traffic<br>
> * Spoofed amplification ddos attacks<br>
> * BGP&RIR hijacking<br>
> * IoT botnet infections<br>
> * Botnet C&Cs<br>
<br>
I'm disappointed that you aren't solving the spam problem as well<br>
<br>
-- <br>
Dr Richard Clayton <richard.clayton@cl.cam.ac.uk><br>
Director, Cambridge Cybercrime Centre mobile: +44 (0)7887 794090<br>
Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570<br>
</div>
</span></font></div>
</body>
</html>