[62921] in North American Network Operators' Group
Re: monkeys.dom UPL being DDOSed to death
daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Sep 24 09:56:57 2003
Date: Wed, 24 Sep 2003 08:56:28 -0500
From: Jack Bates <jbates@brightok.net>
To: "Geo." <georger@getinfo.net>
Cc: Jason Slagle <raistlin@tacorp.net>,
Raymond Dijkxhoorn <raymond@prolocation.net>, nanog@merit.edu
In-Reply-To: <00ea01c38239$1827bcb0$231a90d8@NTAUTHORITY>
Errors-To: owner-nanog-outgoing@merit.edu

Geo. wrote:
>
> Blacklists are just one kind of filter. If we could load software that
> allowed us to forward spams caught by other filters into it and it
> maintained a DNS blacklist we could have our servers use, we wouldn't need
> big public rbl's, everyone doing any kind of mail volume could easily run
> their own IF THE SOFTWARE WAS AVAILABLE. A distributed solution for a
> distributed problem.
>
The benefit of using a blacklist like monkeys or ordb is that there is
only one removal process for all the mail servers. The issue is that
when the webserver is dDOS'd, it is very hard for people to get removed.
Running local blacklists on common themes (such as open proxy/open
relay) has the same issue. Yes, one can blacklist the site, but how do
you get it delisted once the problem is fixed?

I had openrbl.org in my rejections for a while so that people could find
all the blacklists that they were on. Since the dDOS of openrbl, I've
had to change it to my local scripts which don't cover near what openrbl
did.

-Jack
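
The local list Geo. describes, together with the single removal step Jack asks about, sketched as an added example that is not part of the original thread: other filters call `report()`, and the list is rendered as DNSBL zone records whose TXT answer carries the removal link. The class name, the zone `bl.example.net`, the removal URL and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

LISTED_A = "127.0.0.2"  # conventional DNSBL "listed" answer
# Ranges that must never be listed (own relays, loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


class LocalDnsbl:
    """Hypothetical in-memory blacklist rendered as DNSBL zone records."""

    def __init__(self, zone, removal_url):
        self.zone = zone.rstrip(".")
        self.removal_url = removal_url
        self.entries = {}  # ip string -> reason

    def report(self, ip, reason):
        """Called by another filter when it catches spam from `ip`."""
        addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
        if any(addr in net for net in INTERNAL):
            return False
        # Keep the first reason; strip quotes so the TXT record stays valid.
        self.entries.setdefault(str(addr), reason.replace('"', "'"))
        return True

    def delist(self, ip):
        """The one removal step once the operator has fixed the problem."""
        return self.entries.pop(str(ipaddress.IPv4Address(ip)), None) is not None

    def qname(self, ip):
        """DNSBL query name: octets reversed, then the zone."""
        octets = str(ipaddress.IPv4Address(ip)).split(".")
        return ".".join(reversed(octets)) + "." + self.zone + "."

    def zone_records(self):
        """A and TXT records in master-file syntax, in address order."""
        lines = []
        for ip in sorted(self.entries, key=ipaddress.IPv4Address):
            name = self.qname(ip)
            lines.append(f"{name} IN A {LISTED_A}")
            lines.append(f'{name} IN TXT "{self.entries[ip]}; '
                         f'removal: {self.removal_url}?ip={ip}"')
        return lines


if __name__ == "__main__":
    bl = LocalDnsbl("bl.example.net", "https://mail.example.net/delist")
    bl.report("192.0.2.1", "open relay")      # constructed sample address
    print("\n".join(bl.zone_records()))
```
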