vipul's razor

Jeff Mcadams jeffm at iglou.com
Thu Mar 14 15:58:32 UTC 2002


Also sprach Petr M. Swedock
>Is't possible to use this to 'poison' the catalogue: that is to say,
>how easy is it to create a denial-of-service for legitimate mail?

I'm not an expert on how Vipul's Razor does its cataloguing, but I
suspect its quite easy to do so, yes.

The man page (perldoc) for razor-report shows you how to set up a
"trolling" address that auto-submits every received email via
razor-report.  Simply subscribe an address set up that way to BUGTRAQ or
other mailing lists and every BUGTRAQ post (or whatever list its
subscribed to) would be auto-submitted to razor as spam.

Then for the other people on the list that are using
razor-check...whether the post would get flagged as spam would be a race
condition...do you get your copy before the trolling address gets its
copy and gets it submitted to the catalogue?

I think the idea of the razor is good...but needs some
refinement...maybe ability to set a threshold on the number of reports
needed to flag something as spam?
-- 
Jeff McAdams                            Email: jeffm at iglou.com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456



More information about the NANOG mailing list