[52157] in North American Network Operators' Group


Re: How do you stop outgoing spam?

daemon@ATHENA.MIT.EDU (Brad Knowles)
Tue Sep 17 14:24:23 2002

In-Reply-To: <20020917175118.48A3AA@proven.weird.com>
Date: Tue, 17 Sep 2002 20:22:50 +0200
To: woods@weird.com (Greg A. Woods)
From: Brad Knowles <brad.knowles@skynet.be>
Cc: Brad Knowles <brad.knowles@skynet.be>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


At 1:51 PM -0400 2002/09/17, Greg A. Woods wrote:

>  No, Dave's second sentence is not true, thus his conclusion is bogus.

	Dave was talking about "normal" TCP connections, and I was 
following the same model.

	If you're talking about hi-jacking the TCP connection, then you 
are correct.

>  If you're talking about commercially available product, perhaps....
>
>  However this kind of thing is trivial with basic IPsec gateways and
>  simple filtering ala IP Filter, etc.

	How many ISPs use IPsec gateways and simple filtering with tools 
like IP filter?  How scalable is this sort of thing?  Could AOL do it 
with dozens or hundreds of OC-48 and OC-96 links?  How long would it 
take to fix all the ISPs in the world that might potentially do 
transparent proxying of port 25?  And where is the intelligence to 
selectively forward only those connections that are themselves 
encrypted and authenticated?

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
