[37815] in North American Network Operators' Group


Re: Stealth Blocking

daemon@ATHENA.MIT.EDU (Eric A. Hall)
Thu May 24 16:39:17 2001

Message-ID: <3B0D53E8.144422FD@ehsco.com>
Date: Thu, 24 May 2001 11:33:13 -0700
From: "Eric A. Hall" <ehall@ehsco.com>
MIME-Version: 1.0
To: Dave Rand <dlr@bungi.com>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu



> Last week, I got one spam ("get a free motorola pager") which came
> through 168 different open relays, bound for 4428 different recipients

I just peeked in my trash folder, and 6 out of the last 10 spams that I
received were sent directly from dial-up spam blowers.

Certainly we can agree that there are many paths spammers will take. If
rate-limiting eliminates/curbs the throwaway dial-up abusers, then surely
it is an effective tool in the fight. I'm not calling it a cure-all.

> That's why I think that port 25 blocking is the only way.  That, and
> closing open relays, of course.

I would say that default blocking of port 25 is a good position to take,
but you can't deny that it has its own problems. For one thing, the
exceptions become the rule. I've noticed a trend in spam from small
businesses, cable users, etc., many of whom are behind non-throwaway
lines. Going to a model where "legitimate" users are unfiltered doesn't
stop all spam, it only delays it at best.

In this regard, rate-limiting and port-blocks are just tools in the belt,
neither of them is perfect.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

