Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

Thu, 30 Apr 2020 18:01:24 -0700 

In message <DB7PR10MB215431CFDAB4554CBF6F9E85D6AA0@DB7PR10MB2154.EURPRD1
0.PROD.OUTLOOK.COM>, Elad Cohen <e...@netstyle.io> writes

>    if I will have the honor of being 
>    elected to the Ripe Board I will

[...]

>    At the source BGP router, for any ip packet with a source address 
>    that is from the network of the source BGP router (lets call it 
>    original ip packet) - the source BGP router will create a new ip 
>    packet (lets call it tracking ip packet) with a new transport layer 
>    protocol and with the same source address and with the same 
>    destination address and with the same IP-ID such as the original ip 
>    packet.

etc

this appears to be a technically inferior adaptation of a 20 year old
proposal from Steve Bellovin

        https://academiccommons.columbia.edu/doi/10.7916/D8FF406R

it got zero traction then because it treats the issue as technical
rather a complex security economics issue. Nothing, in my view, has
changed in twenty years.

>    Automatic prventation of IoT botnet infections:
>
>    - IoT botnets are based on default credentials,

only some of them -- many exploit unpatched insecure protocol
implementations

>    Automatic prventation of botnet C&C ip addresses:
>
>    - Botnets C&C are also a problem in the internet.
>    - This problem can be overcome using the following technical 
>    addition: the 5 RIR's will operate end-users honeypots machines all 
>    over the world 

you should keep up with my academic work on detecting honeypots (we
found around 3000)...  yes they are valuable, no they are not a panacea
(and they are mainly poorly deployed... and we also found that many were
not patched up-to-date [shoemaker's children?])

>    Very soon I will post a single solution to all the following 
>    problems: (implementation is fast and easy and I'll be very happy 
>    to manage the implementation in case I will be elected to the Ripe 
>    Board)
>    * Spoofed ip traffic
>    * Spoofed amplification ddos attacks
>    * BGP&RIR hijacking
>    * IoT botnet infections
>    * Botnet C&Cs

I'm disappointed that you aren't solving the spam problem as well

-- 
Dr Richard Clayton                               <richard.clay...@cl.cam.ac.uk>
Director, Cambridge Cybercrime Centre                mobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD   tel: +44 (0)1223 763570

Attachment: signature.asc
Description: PGP signature

Reply via email to