Newsscan Computer Security Column
Stephen Cobb, CISSP and Chey Cobb, CISSP

Unforeseen Problems with Spam and Spam Filters

In recent columns we have talked about a somewhat neglected aspect of information security: availability. When you experience an inability to use your information or the systems on which it resides, that's a lack of availability. A few weekends ago, Bank of America customers experienced a highly publicized lack of availability when they couldn't use the bank's ATM system. In honor of Valentine's Day we want to get more personal, with an example of one spouse being rendered electronically unavailable to the other.


In the Bank of America case, nobody set out to prevent people getting to their money; it was a side-effect of an Internet worm. However, in recent years there have been a number of high profile incidents in which someone did set out to attack the availability of a particular system. This is known as a Denial of Service attack (DoS) and it can be very costly for the target, but relatively cheap and risk-free for the attacker. For example, it was three years ago this week that DoS attacks hit Yahoo, eBay, Amazon.com, eTrade, and Buy.com, costing them millions of dollars in lost business.


Aside from the high profile cases, there are hundreds, maybe even thousands of DoS attacks happening every day. However, many of these are not the result of hacking, but of spamming, the mass emailing of that unsolicited commercial email we refer to as spam. The root cause of spamming is something my colleague Vincent Schiavone has described as "the parasitic economics of spam."


The purpose of spam is to get X responses within Y days, which is accomplished by sending Z messages (a response might be a product sale, a sales lead, or a visit to a Web site, all of which can earn the spammer money). The economics of spam are parasitic because the cost of spamming is borne by the entities that deliver and receive the messages (hosts) as opposed to the spammer (parasite). It costs a spammer no more to send ten million messages than it does to send ten thousand, so the best way to get a larger X within a shorter Y is to increase Z, and preferably M, which is the rate per second at which you send the messages.


The result is a flood of messages, described to us by several ISPs as being "just like a denial of service attack." These attacks are becoming more frequent, for reasons we will explain, and they don't just afflict ISPs. Corporate mail servers can also become victims. One reason is the increased use of filtering software to block spam, negatively impacting X. The spammers' response is to boost Z. This brings some spammers up against N, the number of email addresses known to them. The response is a brute force attack, sending the same message to all possible email addresses at a particular domain (quite literally working from aaa@isp.net to aab@isp.net, aac@isp.net and so on).
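
An added example, not part of the original column: seen from the receiving mail server, the brute-force addressing described above appears as one source trying many recipients that mostly do not exist. The log format, field names and thresholds below are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified, hypothetical log format (not a real MTA's).
SAMPLE_LOG = """\
09:00:01 client=192.0.2.10 rcpt=aaa@isp.net status=550
09:00:01 client=192.0.2.10 rcpt=aab@isp.net status=550
09:00:01 client=192.0.2.10 rcpt=aac@isp.net status=250
09:00:02 client=192.0.2.10 rcpt=aad@isp.net status=550
09:00:02 client=192.0.2.10 rcpt=aae@isp.net status=550
09:00:02 client=192.0.2.10 rcpt=aaf@isp.net status=550
09:00:03 client=198.51.100.7 rcpt=chey@isp.net status=250
09:00:04 client=203.0.113.5 rcpt=alice@isp.net status=250
09:00:04 client=203.0.113.5 rcpt=bob@isp.net status=250
09:00:04 client=203.0.113.5 rcpt=carol@isp.net status=250
09:00:05 client=203.0.113.5 rcpt=dave@isp.net status=250
09:00:05 client=203.0.113.5 rcpt=erin@isp.net status=250
"""

LINE_RE = re.compile(r"client=(\S+) rcpt=([^@\s]+)@\S+ status=(\d{3})")

def _key(local):
    """Map an all-lowercase local part to (length, base-26 value), else None."""
    if not re.fullmatch(r"[a-z]+", local):
        return None
    value = 0
    for ch in local:
        value = value * 26 + ord(ch) - ord("a")
    return (len(local), value)

def find_harvesters(log_text, min_rcpts=5, max_accept_ratio=0.2):
    """Flag clients probing many recipients that mostly do not exist."""
    seen = defaultdict(list)  # client IP -> [(local part, accepted?)]
    for ip, local, status in LINE_RE.findall(log_text):
        seen[ip].append((local.lower(), status.startswith("2")))
    flagged = {}
    for ip, attempts in seen.items():
        distinct = {local for local, _ in attempts}
        ratio = sum(ok for _, ok in attempts) / len(attempts)
        if len(distinct) < min_rcpts or ratio > max_accept_ratio:
            continue  # few recipients, or mostly valid ones (e.g. a newsletter)
        keys = [_key(local) for local, _ in attempts]
        # Count aaa -> aab style steps: same length, value exactly one higher.
        steps = sum(1 for a, b in zip(keys, keys[1:])
                    if a and b and a[0] == b[0] and b[1] == a[1] + 1)
        flagged[ip] = {"recipients": len(distinct), "accept_ratio": round(ratio, 2),
                       "sequential_steps": steps}
    return flagged
```

On the constructed sample only 192.0.2.10 is flagged; the source at 203.0.113.5 sends to just as many recipients per second, but every one of them exists, so it is left alone.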


Because some organizations are now taking aggressive anti-spam action, like tracking down and prosecuting spammers, Y becomes more crucial, resulting in a need to boost M. The result: a virtual tsunami of email. And as more ISPs suspend or cancel accounts that are found to be spamming, we see more spammers simply stealing emailing services from wherever they can.


Which brings us to the Valentine's Day connection. Stephen recently sent an email to Chey, only to have it bounce back with this message: "Access Denied." In other words, he experienced an availability problem, one that turned out to be spam-induced. That's because some ISPs have responded to spam attacks by aggressively blocking messages from sources that are reported to be spewing spam. Chey's ISP had decided to block all email from bellsouth.net, which is Stephen's ISP, based on BellSouth's alleged failure to close a loophole on its servers through which spam was spewing.


In fact, more and more ISPs are doing this, and doing it so often that they don't even tell their users. So, out of the blue, anyone who sent messages to any account at Chey's ISP, via bellsouth.net, was told "Access Denied." In short, the virtual part of our relationship had become collateral damage in the war against spam.


You may have read reports of collateral spam damage experienced by mailing lists, newsletters and the like, electronic mailings blocked despite the fact that the recipients have asked to receive them. But individuals are finding that they too can become collateral damage, their established means of communication abruptly cut off. While we deeply sympathize with every ISP who is faced with spam DoS attacks, we think there has to be a better way of dealing with the problem, one that doesn't come between lovers.

 

 


©2003 Chey Cobb. All rights reserved.
chey@patriot.net