Slashdot Mirror


Darkmail Attacks - The Next Network Threat?

An anonymous reader wonders: "SC Magazine are running an article on the growth of so-called Dark Mail Attacks. Whitedust Security appear to have identified this as a potential problem way back in December 2004. Since that time, a marked increase in attacks of this nature, including the recent attacks on the UK Government infrastructure, has been recorded. Are these types of attack a new large scale threat or just a passing fad?"

2 of 58 comments

  1. Egress Filtering by QuantumRiff · Score: 2, Interesting
    Is it really so hard to set up egress filtering on your networks? Seriously, if people started allowing their email servers, and only their email servers, to send email, then we could eliminate zombies. This is a 2-line entry into an access list on your border router. (Heck, be a good net neighbor if you're at it. If you're a corporation, do you really need port 135 leaving your network?) This would force spammers to stop using zombified company machines, and home users on broadband, to send hundreds of thousands of emails a minute. (Not to mention checking your logs quickly tells you which machines might be infected and need a visit from a tech.)

    Honestly, the thing that gets me is that most firewalls block incoming, but allow all outgoing traffic. Why? Do you want the next virus to hit and email out as an attachment your Word documents? They might have trade secrets, or your budget numbers, etc. Do they want an inside machine setting up a "hole" in the firewall to an IRC server? Once they establish the connection from the inside, most firewalls will then ignore the stream. Force spammers to use real mail servers so that they can be appropriately blocked.

    I have never had someone give me an intelligent reason on why outgoing port 25 should not be blocked. I've heard the argument about people running email on their broadband connections. (I do, and route outgoing through my ISP's SMTP relay server)

    --

    What are we going to do tonight Brain?
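The log check mentioned in the comment above, as an added example that is not part of the original post: it scans border-firewall egress logs for internal hosts, other than the sanctioned mail server, making outbound connections on ports 25 and 135. The mail server address, the netfilter LOG-style line format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed values for this example; not taken from the thread.
MAIL_SERVERS = {"10.0.0.5"}      # the only hosts allowed to send SMTP
WATCHED_PORTS = {25, 135}        # the two ports the comment names
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample: egress log lines in netfilter LOG style.
SAMPLE_LOG = """\
Mar  3 02:14:07 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 PROTO=TCP SPT=51514 DPT=25
Mar  3 02:14:07 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.44 PROTO=TCP SPT=51515 DPT=25
Mar  3 02:14:08 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.17 PROTO=TCP SPT=51516 DPT=25
Mar  3 02:14:09 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.44 PROTO=TCP SPT=40022 DPT=25
Mar  3 02:14:10 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=203.0.113.80 PROTO=TCP SPT=49811 DPT=443
Mar  3 02:14:11 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=192.0.2.200 PROTO=TCP SPT=49812 DPT=135
Mar  3 02:14:12 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=192.0.2.201 PROTO=TCP SPT=49813 DPT=135
Mar  3 02:14:13 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=203.0.113.9 PROTO=TCP SPT=50001 DPT=25
Mar  3 02:14:14 gw kernel: EGRESS truncated SRC=10.0.0.23 DPT=
"""

def parse(line):
    """Return (src, dst, proto, dport), or None for lines that do not parse."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= set(f) or not f["DPT"].isdigit():
        return None
    return f["SRC"], f["DST"], f["PROTO"], int(f["DPT"])

def suspect_hosts(log_text, min_attempts=2):
    """List (src, port, attempts, distinct destinations) for internal hosts
    using watched ports, skipping sanctioned mail servers on port 25."""
    attempts, targets = Counter(), {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] != "TCP" or rec[3] not in WATCHED_PORTS:
            continue
        src, dst, _, dport = rec
        if dport == 25 and src in MAIL_SERVERS:
            continue
        attempts[(src, dport)] += 1
        targets.setdefault((src, dport), set()).add(dst)
    return sorted(
        (src, dport, n, len(targets[(src, dport)]))
        for (src, dport), n in attempts.items() if n >= min_attempts
    )

if __name__ == "__main__":
    for src, dport, n, fanout in suspect_hosts(SAMPLE_LOG):
        print(f"{src} port {dport}: {n} attempts to {fanout} destinations")
```

A workstation contacting many distinct destinations on port 25 is the pattern worth a visit from a tech; the `min_attempts` threshold keeps a single stray connection from being flagged.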
  2. No surprise by metamatic · Score: 2, Interesting

    I wrote a series of articles in which I mentioned this problem, caused by many approaches to spam filtering. http://www.xciv.org/~meta/Technology/2005-02-14-dismal.html

    Basically, spam is an economic problem. Attempts at a technological solution usually involve filtering spam. Since a filter can never be 100% accurate, as filters are deployed the volume of spam increases. So basically, filters "work" as long as most people aren't using them; once they become widespread, the spam volume goes up and up until the network collapses under the bandwidth load (or we try a different approach).

    As I conclude in my article, attempting to analyze logically from first principles, the only type of solution which will work is an economic one. Unfortunately, most people dismiss economic solutions out of hand. They're too attached to the fundamentally broken economic model of today's e-mail.

    Ironically, the same people often express surprise that the RIAA can't see how broken their economic model is...

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak