[52156] in North American Network Operators' Group
Re: How do you stop outgoing spam?
daemon@ATHENA.MIT.EDU (Scott Francis)
Tue Sep 17 14:13:48 2002
Date: Tue, 17 Sep 2002 11:10:40 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: Eliot Lear <lear@cisco.com>
Cc: nanog@merit.edu
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
Eliot Lear <lear@cisco.com>, nanog@merit.edu
In-Reply-To: <3D7D47A0.8000609@cisco.com>
Errors-To: owner-nanog-outgoing@merit.edu
--S0GG+JvAI2G0KxBG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 09, 2002 at 06:15:12PM -0700, lear@cisco.com said:
>=20
> Rafi Sadowsky wrote:
> > Maybe I'm missing something obvious but do how you get rate-limiting per
> >TCP *flow* with Cisco IOS ?
>=20
> There is something called flow-based RED (FRED) but it consumes a whole=
=20
> lot of memory because you have to keep track of lots more state. I=20
> don't know about that code. At the least what you can do is use the=20
> rate-limit command and rate limit *all* outbound TCP/80 traffic (or for=
=20
> that matter all access-list captured traffic). Now, doing so will make=
=20
> any but the most trivial outbound TCP/80 absolutely painful, and will=20
> cause tail drop. See Cathy Wittbrodt's work in this space, which was=20
> presented at NANOG some time ago.
>=20
> Note, I'm not saying you should *do* this. It may be going a bit too=20
> far for anti-spam.
Exactly. If operators as a group would just take the most elementary of ste=
ps
to decrease spam (along the lines Paul suggested), the effects would be so
significant that I think we wouldn't be worrying about HTTP spam traffic (at
least for the time being). The fraction of spam traffic that runs over HTTP
rather than SMTP is, I suspect, rather small.
If anybody has numbers on this, I'd be interested in hearing them one way or
the other.
--=20
-=3D Scott Francis || darkuncle (at) darkuncle (dot) net =3D-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
--S0GG+JvAI2G0KxBG
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9h3AfWaB7jFU39ScRAu+eAJ4pjKJAPpTuItOLX+3PTh1kGfPnKACcCMVv
A/J5PdlVuzF/SuKJnUIUGuM=
=hRZt
-----END PGP SIGNATURE-----
--S0GG+JvAI2G0KxBG--
