Vernon Schryver’s FUSSP is still relevant since what, 2000 or so?
--srs
________________________________
From: anti-abuse-wg <anti-abuse-wg-boun...@ripe.net> on behalf of Richard
Clayton <rich...@highwayman.com>
Sent: Friday, May 1, 2020 6:28:42 AM
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
In message <DB7PR10MB215431CFDAB4554CBF6F9E85D6AA0@DB7PR10MB2154.EURPRD1
0.PROD.OUTLOOK.COM>, Elad Cohen <e...@netstyle.io> writes
> if I will have the honor of being
> elected to the Ripe Board I will
[...]
> At the source BGP router, for any ip packet with a source address
> that is from the network of the source BGP router (lets call it
> original ip packet) - the source BGP router will create a new ip
> packet (lets call it tracking ip packet) with a new transport layer
> protocol and with the same source address and with the same
> destination address and with the same IP-ID such as the original ip
> packet.
etc
this appears to be a technically inferior adaptation of a 20 year old
proposal from Steve Bellovin
https://academiccommons.columbia.edu/doi/10.7916/D8FF406R
it got zero traction then because it treats the issue as technical
rather a complex security economics issue. Nothing, in my view, has
changed in twenty years.
> Automatic prventation of IoT botnet infections:
>
> - IoT botnets are based on default credentials,
only some of them -- many exploit unpatched insecure protocol
implementations
> Automatic prventation of botnet C&C ip addresses:
>
> - Botnets C&C are also a problem in the internet.
> - This problem can be overcome using the following technical
> addition: the 5 RIR's will operate end-users honeypots machines all
> over the world
you should keep up with my academic work on detecting honeypots (we
found around 3000)... yes they are valuable, no they are not a panacea
(and they are mainly poorly deployed... and we also found that many were
not patched up-to-date [shoemaker's children?])
> Very soon I will post a single solution to all the following
> problems: (implementation is fast and easy and I'll be very happy
> to manage the implementation in case I will be elected to the Ripe
> Board)
> * Spoofed ip traffic
> * Spoofed amplification ddos attacks
> * BGP&RIR hijacking
> * IoT botnet infections
> * Botnet C&Cs
I'm disappointed that you aren't solving the spam problem as well
--
Dr Richard Clayton <richard.clay...@cl.cam.ac.uk>
Director, Cambridge Cybercrime Centre mobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570
