[46348] in North American Network Operators' Group
Re: Odd spam / virus - comments ?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Mar 26 11:24:25 2002
Message-Id: <200203261623.g2QGNXm8024796@foo-bar-baz.cc.vt.edu>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: Peter Galbavy <peter.galbavy@knowtion.net>, nanog@nanog.org
In-Reply-To: Your message of "Tue, 26 Mar 2002 09:13:08 EST."
<20020326141308.6ABC07B4B@berkshire.research.att.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 26 Mar 2002 11:23:33 -0500
On Tue, 26 Mar 2002 09:13:08 EST, "Steven M. Bellovin" said:

> There are worms out there (such as Nimda.E) that use Outlook address books
> not just for lists of victims, but also as "From:" addresses. In other
> words, your involvement might be having sent email to someone else who
> is infected.

An important addendum here - "having sent mail" includes posting to a mailing
list that has a subscriber. I've gotten a lot of complaints because the
actual perpetrator was a subscriber to NANOG or IETF or one of the many
SecurityFocus mailing lists I post to. And once you take the union of
*all* those lists, you start hitting the "birthday paradox" - it becomes
*very* likely that if you and the recipient know each other (by virtue
of being in the computer industry) that a third party has seen mail from
both of you.

Another way to look at it is that the "6 degrees" game can easily drop
2 or 3 degrees *really* fast if you allow "A and B both subscribe to the
same mailing list" as a connection.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech