1996-01-13 - Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com

Header Data

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
To: cypherpunks@toad.com
Message Hash: 80c751b3e6db34ddde360516bdf4c84f11905992213043d7d8527bd165588357
Message ID: <199601130017.RAA20992@nagina.cs.colorado.edu>
Reply To: <v02120d00ad1c6796463d@[199.0.65.105]>
UTC Datetime: 1996-01-13 00:34:47 UTC
Raw Date: Sat, 13 Jan 1996 08:34:47 +0800

Raw message

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sat, 13 Jan 1996 08:34:47 +0800
To: cypherpunks@toad.com
Subject: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <v02120d00ad1c6796463d@[199.0.65.105]>
Message-ID: <199601130017.RAA20992@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself ABostick allegedly wrote:
>
> Somebody, too clever for their own good by half, has come up with a
> novel way of using Usenet and anonymous remailers to perpetrate
> mailbombs.  The M.O. is to post a message to the naked-lady newsgroups
> saying "get pics in your mailbox! send this message to this address!),
> giving the email address of a cypherpunk-style anonymous remailer and
> including a pgp-encrypted message block.

<snip>

> Cypherpunks:  is there any way to respond to, or prevent, this sort of
> attack short of actually shutting down the remailer?
> 
> What comes to my mind is the remailer operator grepping for a character
> string of ASCII-armored cyphertext from the known attack message and
> throwing messages containing it into the bit-bucket.  It is highly
> unlikely that this would appear in any message except the attack
> message.  The problem with this is that it works only for a known attack
> message -- it can shut down an ongoing attack, but it can't prevent new
> ones.


You could have remailers clamp down on multiple copies of the 
same message, but that is easily countered by convincing the
UseNet stupes to insert their e-mail address or something.


In general there is no way to prevent this kind of mail-bombing
without compromising anonymity.


By the way Alan--your message failed PGP verification.  
I received it by way of Bob Hettinga's "e$pam" list.  While
Hettinga gets double-plus good points for content, his
technical performance as a list operator is lacking.


Which is to say: the message might have gotten munged by the
"e$pam" list processor.


Regards,

Bryce

PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPb5w/WZSllhfG25AQGtPwQAgoxim084bbBkXIQyhePSY63HttrqFZg9
JGJjbKBMc6fHgI+gylEEAhl75wVUgq5jKPJcHVfY23XVS4wfPRu+CIx8uHhVm9xB
limA3BUscRutWsSXXe+tkKtyA97xUjpAMHpaE729pGeRForHEdpkRFb5jC3DjofX
lNpRuRQ9+VE=
=CyXg
-----END PGP SIGNATURE-----





Thread