[65827] in North American Network Operators' Group
Re: Anyone from NeuLeve.bizl listening?
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Thu Dec 11 21:05:28 2003
Date: Thu, 11 Dec 2003 21:04:46 -0500
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: "Stewart, William C (Bill), RTSLS" <billstewart@att.com>
Cc: nanog@merit.edu
In-Reply-To: <5AFA5A2C102DAB4692ABC1E87E0780CA065AC0F8@OCCLUST02EVS1.ugd.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
Stewart, William C (Bill), RTSLS writes on 12/11/2003 8:37 PM:
> - Personally I like the suggestion that someone had that you
> start serving DNS for the fake names, either pointing to 127.0.0.3
> or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com,
> which is some disposable address block on which you run a web site
> and stub email server explaining that it's not your fault.
That was my idea. And I would not recommend the "or" option about
setting a clever sounding DNS record "annoying-spammers-forged-dns".
A lot of skript kiddies are out there with limited to zero email header
reading / DNS skills, who still know just enough to download and launch
rootkits and DoS attacks.
This is an old and time honored tradition to deal with lusers anyway,
kind of like the warez.* "ftp servers" (though one of the more popular
of these, warez.slashdot.org, seems to have found itself a non-localhost
IP some months back) :(
And more to the point, you don't waste your bandwidth dealing with DNS
queries and bounced email hitting your customer's server.
srs
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
