Vernon Schryver’s FUSSP is still relevant since what, 2000 or so?

--srs

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Richard Clayton <richard@highwayman.com>
Sent: Friday, May 1, 2020 6:28:42 AM
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
 
In message <DB7PR10MB215431CFDAB4554CBF6F9E85D6AA0@DB7PR10MB2154.EURPRD10.PROD.OUTLOOK.COM>, Elad Cohen <elad@netstyle.io> writes

>    if I will have the honor of being
>    elected to the Ripe Board I will

[...]

>    At the source BGP router, for any ip packet with a source address
>    that is from the network of the source BGP router (let's call it
>    original ip packet) - the source BGP router will create a new ip
>    packet (let's call it tracking ip packet) with a new transport layer
>    protocol and with the same source address and with the same
>    destination address and with the same IP-ID such as the original ip
>    packet.

etc

this appears to be a technically inferior adaptation of a 20 year old
proposal from Steve Bellovin

        https://academiccommons.columbia.edu/doi/10.7916/D8FF406R

it got zero traction then because it treats the issue as technical
rather than a complex security economics issue. Nothing, in my view, has
changed in twenty years.

>    Automatic prevention of IoT botnet infections:
>
>    - IoT botnets are based on default credentials,

only some of them -- many exploit unpatched insecure protocol
implementations

>    Automatic prevention of botnet C&C ip addresses:
>
>    - Botnets C&C are also a problem in the internet.
>    - This problem can be overcome using the following technical
>    addition: the 5 RIRs will operate end-users honeypots machines all
>    over the world

you should keep up with my academic work on detecting honeypots (we
found around 3000)...  yes they are valuable, no they are not a panacea
(and they are mainly poorly deployed... and we also found that many were
not patched up-to-date [shoemaker's children?])

>    Very soon I will post a single solution to all the following
>    problems: (implementation is fast and easy and I'll be very happy
>    to manage the implementation in case I will be elected to the Ripe
>    Board)
>    * Spoofed ip traffic
>    * Spoofed amplification ddos attacks
>    * BGP&RIR hijacking
>    * IoT botnet infections
>    * Botnet C&Cs

I'm disappointed that you aren't solving the spam problem as well

--
Dr Richard Clayton                               <richard.clayton@cl.cam.ac.uk>
Director, Cambridge Cybercrime Centre                mobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD   tel: +44 (0)1223 763570