1998-01-16 - Re: remailer resistancs to attack

Header Data

From: “Robert A. Costner” <pooh@efga.org>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: f2222e952c32e6c19a34030a169f67cd221b57085bdd222cb0d32b042b70e0e6
Message ID: <3.0.3.32.19980116045037.031a4b40@mail.atl.bellsouth.net>
Reply To: <199801151705.MAA03621@the-great-machine.mit.edu>
UTC Datetime: 1998-01-16 10:05:37 UTC
Raw Date: Fri, 16 Jan 1998 18:05:37 +0800

Raw message

From: "Robert A. Costner" <pooh@efga.org>
Date: Fri, 16 Jan 1998 18:05:37 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: remailer resistancs to attack
In-Reply-To: <199801151705.MAA03621@the-great-machine.mit.edu>
Message-ID: <3.0.3.32.19980116045037.031a4b40@mail.atl.bellsouth.net>
MIME-Version: 1.0
Content-Type: text/plain



At 01:25 AM 1/16/98 GMT, Adam Back wrote:
>How do we improve the resistance of the remailer network to well
>resourced attackers intent on dismantling it?

An obvious thing to try is to add some more remailers.  300 remailers would
not be immune to simultaneous shutdown by the authorities, but it would
make it more difficult.  A dozen of so remailers makes shutdown fairly simple.

A less obvious thing to try is to get the general windows users to start
making use of remailers.  If Eudora, Pegasus, and Outlook came nym ready
out of the box, with the ease of use of a spell checker, then this would
generate enough traffic to flood the remailer network and require hundreds
of servers.  This idea has it's own problems, but there is not much traffic
on remailers.  One of the busiest remailers in the world still has only
about 3,000 messages per day.  One spammer can send mail to more
destinations in a weekend than the entire remailer network in a year.

Threats to the remailer network come from a few basic places.

  1.  Traditional law enforcement
  2.  Unauthorized law enforcement
  3.  "friends" of message recipients or "friends" of the remailer
  4.  unreliability of the machines that form the network
  5.  Hacking attacks
  6.  Design
  7.  User incompetence

Of the above, the most dangerous in my opinion is "friends".  This is what
shut Balls down.  This is where Cracker gets the worst complaints.  Seldom
do I hear a complaint from a message recipient, more I hear from "I have a
friend who got this message..."  Traditional law enforcement is a quick
call with a thank you I'm dropping this.  While penet shut down after an
investigation, he alluded to the fact that he was just tired of the
hassles.  Weasel did not shut down because of the law, but due to the
desire to not expose his ISP to hassles.

Traditional law enforcement takes so long to investigate, the keys could be
canceled and replaced several times.  In the US I don't think that law
enforcement really cares enough to issue a warrant.  Almost no warrants
have ever been issued for remailers.  Though I would not be surprised to
find that intense extra-legal investigations were done on cases that
involved situations such as Jim Bell's Assassination Politics.

Cracker goes off line for a few hours every month.  We basically never lose
messages, but we can delay some.  We have a downtime between 1.6% and 3% on
the overall average.  This is our remailer only.  Compare this with the
network - we only had 26 minutes of downtime in the last 365 days.
Recently another remailer went down due to a hard drive problem - for a
week or more.  Software and hardware problems are significant issues for
remailers.  Another is incompatibilities in moving data from one mail host
to another.  Every once in awhile machines just become incompatible, often
due to sendmail configurations designed to block spam or provide better
security.

As for hacking attacks, Cracker/EFGA has had some people censured by their
ISP for stuff like spoofing us, mailbombing, and that good 'ole ping thing.
 To be honest, we've never been hurt by it anyway, but we do monitor for
such things.

A significant problem is in design.  The remailer network is not designed
to be robust or fault tolerant.  There is no error notification to the
user.  If your message gets dropped along the way, there is no recovery
system that gets it through another route.  If you misspell your
destination address, or other problem exists, you don't get notified of the
event.

Still for a group of volunteers running software that is patched almost
every week, providing services for free - they don't do a bad job.


  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:pooh@efga.org  
     http://www.efga.org/            run PGP 5.0 for my public key






Thread