[37844] in North American Network Operators' Group
RE: Stealth Blocking
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Thu May 24 23:20:14 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F0922860E468A@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Mitch Halmu' <mitch@netside.net>,
Matt Cramer <mscramer@armstrong.com>
Cc: nanog@merit.edu
Date: Thu, 24 May 2001 17:49:54 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Mitch Halmu [mailto:mitch@netside.net]
> Sent: Thursday, May 24, 2001 2:48 PM
>
> On Thu, 24 May 2001, Matt Cramer wrote:
> I will give you a solid reason why we won't try this, quoting
> research
> with POP-before-SMTP conducted by the founder of MAPS TSI,
> Chip Rosenthal
> http://users.laserlink.net/~chip/relay-pres-9910/
>
> You don't have to believe me that our clients will not accept
> that, take
> his words instead:
>
> "Our users hated it - particularly those using MS Outlook"
>
> No need to describe what happens when your clients hate your
> service...
On that same page, I found this very interesting. The part about false
positive, to normal relay testing, got my attention.
Guys, there are more cases that may look like an open relay, but really
aren't.
<quote>
Escalating Credentials
Curently deployed in Laser Link network
Amalgamation of two mechanisms:
POP-before-SMTP
Rate limiting
Count mail from originating IP address
...
Disadvantages:
Complex implementation
Will users accept upper limit?
False positive to conventional relay testing
</quote>
