[122796] in North American Network Operators' Group
Re: Spamhaus...
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Feb 21 14:17:33 2010
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <3c3e3fca1002211001r3a0705f6l13e831e51dad85fa@mail.gmail.com>
Date: Sun, 21 Feb 2010 14:16:58 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 21, 2010, at 1:01 PM, William Herrin wrote:
> On Sun, Feb 21, 2010 at 9:10 AM, Rich Kulawiec <rsk@gsp.org> wrote:
>> Hint: nothing stops the spammers from pointing the MX records for =
their
>> throwaway domains at somebody else's mail servers. Among other =
things.
>> MANY other things, unfortunately.
> Clearly I shouldn't respond to any packets at all. After all, a bad
> actor can originate packets with a forged source address and I
> wouldn't want to abuse your network with unwanted echo-replies,
> syn-acks and rejs.
Bill:
That is actually somewhat correct.
You should not randomly respond to packets at arbitrary rates. If you =
do, you are being a bad Netizen for exactly this reason. See things =
like amplification attacks for why.
Of course, if you can get proper responses, say TCP sequence numbers, =
proving the other side really is talking to you, then that limitation is =
removed.
--=20
TTFN,
patrick
