[37807] in North American Network Operators' Group


Re: Stealth Blocking

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu May 24 14:37:01 2001

Message-Id: <200105241802.f4OI2UP01864@foo-bar-baz.cc.vt.edu>
To: "Eric A. Hall" <ehall@ehsco.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 24 May 2001 09:46:19 PDT."
             <3B0D3ADB.F4B4F529@ehsco.com> 
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-710251392P";
	 micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Thu, 24 May 2001 14:02:30 -0400
Errors-To: owner-nanog-outgoing@merit.edu


--==_Exmh_-710251392P
Content-Type: text/plain; charset=us-ascii

On Thu, 24 May 2001 09:46:19 PDT, "Eric A. Hall" said:
> TCP rate-limiting on outbound traffic to *:25 would also be extremely
> effective, particularly on unclassified customer traffic, and without the
> heavy-handed nature of denying all dial-up traffic. Rate-limiting doesn't
> interfere with low-volume legitimate mail, but it really cramps spam.

I've seen a number of opinions that it doesn't do squat to cramp spam.

Remember that the spammer is handing the "open" relay one piece of mail
with zillions of RCPT TO:s - rate limiting the outbound just means that
the zillions of recipients sit in *your* queue that much longer.  Also,
I have heard from multiple sources that the spammers are well clued
enough to utilize multiple relays in parallel - if you rate limit to
1/N of bandwidth, they just use N relays at the same time.  The problem
is that you shoot YOURSELF in the foot by DOS'ing yourself by the time
you get N cranked high enough to do any serious damage to the spammer....

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech




--==_Exmh_-710251392P--
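
The queueing argument in the message above, worked through as an added toy model (not part of the original post). It simulates a relay's FIFO outbound queue under a per-second delivery cap, with one large-recipient message injected at t=0 and steady legitimate mail behind it. Every number and name here is a constructed assumption.

```python
from collections import deque

FULL_CAP = 100       # assumed: deliveries/sec one relay manages with no limit
SPAM_RCPTS = 60_000  # assumed: recipients on the injected message
LEGIT_RATE = 5       # assumed: legitimate deliveries queued per second, per relay
WINDOW = 3600        # seconds simulated

def simulate_relay(cap, spam_rcpts, legit_rate=LEGIT_RATE, seconds=WINDOW):
    """One relay's FIFO outbound queue under a cap of `cap` deliveries/sec.

    Returns (second the last spam copy left, worst legit delay in seconds,
    entries still queued when the window ends)."""
    queue = deque(("spam", 0) for _ in range(spam_rcpts))  # injected at t=0
    spam_left, spam_done_at, worst_delay = spam_rcpts, None, 0
    for t in range(seconds):
        queue.extend(("legit", t) for _ in range(legit_rate))
        for _ in range(min(cap, len(queue))):
            kind, queued_at = queue.popleft()
            if kind == "spam":
                spam_left -= 1
                if spam_left == 0:
                    spam_done_at = t
            else:
                worst_delay = max(worst_delay, t - queued_at)
    return spam_done_at, worst_delay, len(queue)

def limit_to_one_nth(n):
    """Each relay capped at FULL_CAP/n, recipient list spread over n relays."""
    return simulate_relay(FULL_CAP // n, SPAM_RCPTS // n)

if __name__ == "__main__":
    # Same list through ONE relay capped at 1/4: it just sits queued longer.
    print("single relay, cap 25/s:", simulate_relay(FULL_CAP // 4, SPAM_RCPTS))
    for n in (1, 4, 10, 25):
        done, delay, backlog = limit_to_one_nth(n)
        print(f"N={n:2d} cap={FULL_CAP // n:3d}/s spam out by t={done}s "
              f"worst legit delay={delay}s backlog={backlog}")
```

In this model the spam run finishes at the same second for every N, while at N=25 the cap falls below the relay's own legitimate load and its queue never drains.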

