[50239] in North American Network Operators' Group

RE: Security of DNSBL spam block systems

daemon@ATHENA.MIT.EDU (Phil Rosenthal)
Tue Jul 23 02:31:50 2002

Reply-To: <pr@isprime.com>
From: "Phil Rosenthal" <pr@isprime.com>
To: "'Big_Bandwidth'" <big_bandwidth@hotmail.com>, <nanog@nanog.org>
Date: Tue, 23 Jul 2002 02:29:15 -0400
In-Reply-To: <DAV20tKGb52yk58vG9G0000fae3@hotmail.com>
Errors-To: owner-nanog-outgoing@merit.edu


IMHO Even the really large DNSBL's are barely used -- I think (much)
less than 5% of total human mail recipients are behind a mailserver that
uses one...
--Phil

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Big_Bandwidth
Sent: Tuesday, July 23, 2002 2:14 AM
To: nanog@nanog.org
Subject: Security of DNSBL spam block systems



What are the security implications of someone hacking a DNSBL
(Real-time-spam-block-list) and changing the block list to include (deny
email from) some very large portion or all IPv4 space? 
 
Given that a significant number of the spam blocking lists seem to
operate on a shoestring budget in someone's basement, how can we be
assured that they have sufficient resources to secure their systems
adequately, and monitor for intrusion 24x7?
 
Unless I am missing something, this would seem to be a real handy and
centralized method for someone to interfere substantially with the
proper operation of a few thousand email servers and hold up global
email traffic for a few hours.
 
-BB
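
Added example, not part of the original messages: one way a mail server operator could detect the failure the question describes, a list that suddenly answers "listed" for everything. It relies on the RFC 5782 convention that an IPv4 DNSBL lists 127.0.0.2 and never lists 127.0.0.1; the zone name `dnsbl.example`, the canary addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """A records via the system resolver; [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, resolve):
    # DNSBLs signal a listing with an A record inside 127.0.0.0/8.
    return any(a.startswith("127.") for a in resolve(dnsbl_name(ip, zone)))

def zone_health(zone, resolve=system_resolve, canaries=()):
    """Classify a DNSBL zone before trusting its answers to reject mail."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"   # must never be listed (RFC 5782)
    hit = [ip for ip in canaries if is_listed(ip, zone, resolve)]
    if hit:
        return "canary-listed"      # known-good senders are being blocked
    if not is_listed("127.0.0.2", zone, resolve):
        return "empty-or-dead"      # test entry missing: zone not answering
    return "ok"

# Constructed resolvers standing in for DNS, so the example runs offline.
ZONE = "dnsbl.example"              # hypothetical zone name
HEALTHY = {dnsbl_name("127.0.0.2", ZONE): ["127.0.0.2"],
           dnsbl_name("203.0.113.7", ZONE): ["127.0.0.2"]}
def healthy(name):
    return HEALTHY.get(name, [])
def wildcarded(name):               # tampered zone: every query is "listed"
    return ["127.0.0.2"]
def dead(name):
    return []

if __name__ == "__main__":
    canaries = ["192.0.2.10", "198.51.100.25"]   # constructed known-good IPs
    for label, r in [("healthy", healthy), ("wildcarded", wildcarded), ("dead", dead)]:
        print(label, "->", zone_health(ZONE, r, canaries))
```

Run periodically, any result other than "ok" is a signal to stop rejecting mail on that zone and alert an operator.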
 
 
 
 

