[122962] in North American Network Operators' Group
Re: Spamhaus...
daemon@ATHENA.MIT.EDU (William Herrin)
Wed Feb 24 10:49:47 2010
In-Reply-To: <20100224132159.GA15562@gsp.org>
From: William Herrin <bill@herrin.us>
Date: Wed, 24 Feb 2010 10:48:48 -0500
To: Rich Kulawiec <rsk@gsp.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Feb 24, 2010 at 8:21 AM, Rich Kulawiec <rsk@gsp.org> wrote:
> On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote:
>> But if the origin domain has not provided SPF records, =A0there are some
>> unusual cases left open, =A0where a bounce to a potentially fake address
>> may still be required.
>
>=A0Nothing stops an
> attacker from using a throwaway domain to send traffic to known
> backscatterers, who will then backscatter it to $throwawaydomain,
> whose MX's are set to $victim's MX's.
So? You, I and everyone else these days are no longer running open
relays. You don't host $throwawaydomain so the session will end at the
rcpt command. If someone merely wants to DDOS your server there are
far easier ways.
Regards,
Bill Herrin
> it's never appropriate to respond
> to abuse with abuse.
>
> ---Rsk
>
>
--=20
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
