Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: vipul's razor

  • From: Jeff Mcadams
  • Date: Thu Mar 14 11:01:18 2002

Also sprach Petr M. Swedock
>Is't possible to use this to 'poison' the catalogue: that is to say,
>how easy is it to create a denial-of-service for legitimate mail?

I'm not an expert on how Vipul's Razor does its cataloguing, but I
suspect its quite easy to do so, yes.

The man page (perldoc) for razor-report shows you how to set up a
"trolling" address that auto-submits every received email via
razor-report.  Simply subscribe an address set up that way to BUGTRAQ or
other mailing lists and every BUGTRAQ post (or whatever list its
subscribed to) would be auto-submitted to razor as spam.

Then for the other people on the list that are using
razor-check...whether the post would get flagged as spam would be a race
condition...do you get your copy before the trolling address gets its
copy and gets it submitted to the catalogue?

I think the idea of the razor is good...but needs some
refinement...maybe ability to set a threshold on the number of reports
needed to flag something as spam?
-- 
Jeff McAdams                            Email: jeffm@iglou.com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.