On Mon, 5 Jul 2004 16:31:33 -0700, "Peter Duniho"
wrote:
I'll pop off after this one too unless someone else is really
interested in the discourse.

As far as it not being feasible to inspect Internet traffic as it passes
through your routers, that's just silly. It would require only a completely
insignificant amount of extra overhead to detect traffic containing email,
and then to extract email addresses from that traffic. In any case, if
you're a spammer who has somehow arranged to be involved in routing Internet
traffic, why would you care if there was a little extra overhead? That
would be the whole reason for putting yourself in that position in the first
place.

You don't happen to have some Cisco IOS packetfilter code which would
do this handy do you? I can't seem to craft a filter which examines
and logs packet payload.

Do not underestimate the motivation of spammers to find new, valid email
addresses, or the motivation of people who sell email addresses to spammers
to do the same.

I don't underestimate the motivation. I believe that most of the viruses
and other addressbook copying and attacking exploits are done for the
purposes of gathering addresses, as well as phishing/fishing, looking
at usenet, forum boards, etc etc etc. I also believe that purchasing
highly expensive OC192+ links and becoming a/convincing the existing
tier 1 and 2 providers that you are now another tier 1 or 2 ISP which
they should pass their traffic through, just for the purpose of
examining the relatively small subset of that payload which is an
email containing addresses (which are likely more invalid than valid
because they're forged addresses sourced from other spammers) is a
long, hard, and expensive way to go about getting addresses with
other, easier alternatives available to them.

I think it's pretty funny that the big debate here has been the question of
whether it's possible to pull email addresses from email as it's routed
across the Internet (which, IMHO, is obviously possible...ANY traffic can be
monitored by a party with enough interest and motivation), while NO ONE ELSE
has bothered to comment on whether using the bcc field actually hides email
addresses from those who would pull email addresses from email as it's
routed across the Internet.

If they can't sniff the payload it doesn't matter whether the address
is in the to: or bcc: fields. If they can sniff the payload, they're
likely using a grep-like thing parsing for /net/org/etc and it
doesn't matter if you're using to: or bcc:. If you can provide me
with a filter I can put in my v12 Cisco IOS router which will read
email payload as it goes through the box, without making its CPU go
to 100% and crashing my core, I'll concede that a router can be used
to pull addresses from email in transit through backbone links, but I
tend to doubt they would have the financial resources to set up a
major backbone ISP with high-capacity transit links, just to front an
email-address gathering operation.
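
To make the to:/bcc: point above concrete, this added example (not part of the original post) builds the client side of one SMTP hop and shows that Bcc recipients are removed from the headers but still sent as RCPT TO lines in the envelope. All addresses are constructed, and the single plaintext hop (no TLS) is an assumption.

```python
import copy
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

def addrs(msg, *fields):
    """Bare addresses found in the named header fields."""
    values = [v for f in fields for v in msg.get_all(f, [])]
    return [a for _, a in getaddresses(values)]

def client_transcript(msg):
    """SMTP client lines for msg on one plaintext hop. Like
    smtplib.send_message, the envelope is built from To/Cc/Bcc and the
    Bcc header is removed before DATA."""
    wire = copy.deepcopy(msg)
    del wire["Bcc"]
    lines = [f"MAIL FROM:<{addrs(msg, 'From')[0]}>"]
    lines += [f"RCPT TO:<{r}>" for r in addrs(msg, "To", "Cc", "Bcc")]
    return lines + ["DATA"] + wire.as_string().splitlines() + ["."]

def exposure(lines):
    """Compare envelope recipients with those named in the headers."""
    envelope = [l[9:-1] for l in lines if l.startswith("RCPT TO:<")]
    data = lines[lines.index("DATA") + 1:-1]
    in_headers = addrs(message_from_string("\n".join(data)), "To", "Cc")
    hidden = [r for r in envelope if r not in in_headers]
    return {"envelope": envelope, "headers": in_headers,
            "envelope_only": hidden}

def sample():
    """Constructed sample message; every address here is made up."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Bcc"] = "carol@example.net, dave@example.net"
    msg["Subject"] = "minutes"
    msg.set_content("See attached.")
    return msg

if __name__ == "__main__":
    transcript = client_transcript(sample())
    print("\n".join(transcript))
    print(exposure(transcript))
```

Bcc hides recipients from the other recipients of the message, not from anything that can read the session; encrypting the transport (STARTTLS) is what covers both the envelope and the headers.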