[46114] in North American Network Operators' Group
Re: vipul's razor
daemon@ATHENA.MIT.EDU (Jeff Mcadams)
Thu Mar 14 10:59:24 2002
Date: Thu, 14 Mar 2002 10:58:32 -0500
From: Jeff Mcadams <jeffm@iglou.com>
To: "Petr M. Swedock" <petr@MIT.EDU>
Cc: ckotso@grnet.gr, nanog@merit.edu
Message-ID: <20020314105831.B20158@iglou.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200203141541.KAA26181@nerd-xing.mit.edu>; from petr@MIT.EDU on Thu, Mar 14, 2002 at 10:41:55AM -0500
Errors-To: owner-nanog-outgoing@merit.edu
Also sprach Petr M. Swedock
>Is't possible to use this to 'poison' the catalogue: that is to say,
>how easy is it to create a denial-of-service for legitimate mail?
I'm not an expert on how Vipul's Razor does its cataloguing, but I
suspect its quite easy to do so, yes.
The man page (perldoc) for razor-report shows you how to set up a
"trolling" address that auto-submits every received email via
razor-report. Simply subscribe an address set up that way to BUGTRAQ or
other mailing lists and every BUGTRAQ post (or whatever list its
subscribed to) would be auto-submitted to razor as spam.
Then for the other people on the list that are using
razor-check...whether the post would get flagged as spam would be a race
condition...do you get your copy before the trolling address gets its
copy and gets it submitted to the catalogue?
I think the idea of the razor is good...but needs some
refinement...maybe ability to set a threshold on the number of reports
needed to flag something as spam?
--
Jeff McAdams Email: jeffm@iglou.com
Head Network Administrator Voice: (502) 966-3848
IgLou Internet Services (800) 436-4456
