The Internet is now the world's most popular network and it is full of potential vulnerabilities. In this series of articles, we explore the vulnerabilities of the Internet and what you can do to mitigate them.
When hearing the word spam, people familiar with the foods made popular beginning in or around World War II get a mental picture of a canned ground-up meat product that can be spread on bread like crunchy peanut butter. But in the Internet, a spam is something quite different.
A spam is loosely defined as the flooding of a system with unwanted information. Spams in the form of unwanted and off-topic advertisements are regularly posted to newsgroups and mailing lists, but there are many other forms of spamming available in the Internet, and rarely do sites have adequate anti-spamming defenses.
Perhaps the most publicized spam of all time took the form of the Internet virus of 1988, in which Robert Morris, Jr. caused a virus to enter 60,000 computers uninvited. This is not generally thought of as a spam, but by my loose definition, it fits.
A much more recent series of spams was perpetrated by a party or parties unknown who decided to subscribe the White House, a Time magazine editor, a New York Times reporter, two 'hacker' publications, MTV, and others to about 2,000 Internet mailing lists. In this case, almost 5,000 new email messages per day were poured into the victims' mailboxes, flooding their systems till they ran out of disk space, and causing all manner of inconvenience. Unless you have an automated unsubscriber program or some other defense, it takes about a week to get unsubscribed, and of course with an automated subscriber program, you can subscribe several people per day to each of these lists from a PC at home.
A different form of spam is the mailing of massive volumes of useless information to a recipient from a single source. For example, one person threatened to email me the complete sources to the GNU Unix system, an activity that would tie up my Internet link for hours and probably run me out of disk space if I didn't have a defense.
Yet another form of a spam is an attack called a DCA (for details of such an attack, you will have to look on our Web server or wait for the journal article to come out). In a DCA, groups of people may force computers at hundreds or even thousands of sites to pester you, or in some cases, to launch serious attacks that are very hard to trace back to their sources.
In the real world, spams might include forms of harassment such as subscribing you to 5,000 different magazines using "first issue free" offers and the like. I hope you get the idea by now.
The underlying reason we have spams in the Internet is that we don't have good integrity mechanisms. Now at first, this may seem a bit confusing. After all, a spam basically invades your privacy by forcing excessive noise (in an informational sense) on you. You would think that the reason would be a lack of adequate confidentiality protection, but it is integrity that can eliminate spams, not secrecy.
The reason integrity can eliminate many spams is two-fold. It can prevent many spams because it prevents someone claiming to be you from subscribing as you to a mailing list (or 2,000 of them). But even more importantly, it can provide the means to record the source of information, so that when a spam takes place, the person responsible can be easily identified. Once we catch perpetrators and punish them, the number of spams will be dramatically reduced.
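Both points can be seen in a small sketch, added here as an example and not taken from the original article: a list server that subscribes an address only after its owner returns a keyed token mailed to that address, and that logs the source of every request. The function names, the key, and the sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key; a real list server would load a random secret from protected storage.
SERVER_KEY = b"constructed-demo-key"
TOKEN_LIFETIME = 3 * 24 * 3600  # seconds a confirmation token stays valid


def _mac(address, list_name, issued_at):
    # JSON encoding keeps the three fields unambiguous inside the MAC input.
    msg = json.dumps([address.lower(), list_name, issued_at]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def request_subscription(address, list_name, source, audit_log, now=None):
    """Record who asked, subscribe nobody, and return the token to mail to `address`."""
    issued_at = int(time.time() if now is None else now)
    audit_log.append({"address": address.lower(), "list": list_name,
                      "source": source, "time": issued_at})
    return f"{issued_at}.{_mac(address, list_name, issued_at)}"


def confirm_subscription(address, list_name, token, subscribers, now=None):
    """Subscribe only when the token was issued for this exact address and list."""
    now = int(time.time() if now is None else now)
    try:
        issued_text, mac = token.split(".", 1)
        issued_at = int(issued_text)
    except ValueError:
        return False  # malformed token
    if not 0 <= now - issued_at <= TOKEN_LIFETIME:
        return False  # expired, or timestamped in the future
    expected = _mac(address, list_name, issued_at)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged, or issued for another address or list
    subscribers.setdefault(list_name, set()).add(address.lower())
    return True


if __name__ == "__main__":
    log, subs = [], {}
    token = request_subscription("victim@example.org", "list-a", "192.0.2.7", log)
    # Someone who never sees the address owner's mail cannot supply the token.
    print(confirm_subscription("victim@example.org", "list-a", "0.guess", subs))
    print(confirm_subscription("victim@example.org", "list-a", token, subs))
```

A request made in someone else's name leaves that person unsubscribed and costs them one confirmation message, while the audit log keeps the origin of the request for follow-up.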
Since the Internet has little or no integrity protection built into it, here are some suggestions on how to eliminate many spams from the Internet:
Spams can be a serious problem in the Internet, but there are enough solutions to the most common spams that we don't have to suffer. We do have to plan. Once a spam is underway, it takes a lot of effort to undo the damage unless you were ready and waiting for it.