[90797] in North American Network Operators' Group
Re: Interesting new spam technique - getting a lot more popular.
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Jun 14 13:57:47 2006
In-Reply-To: <B6621ED4D0AD394BBA73CA657DFD8976D508F5@MSPEXBE01.wamnet.inc>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Wed, 14 Jun 2006 13:57:13 -0400
To: NANOG <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
On Jun 14, 2006, at 1:53 PM, Church, Chuck wrote:
> Since this technique requires a IPinIP or GRE tunnel, wouldn't
> blocking
> these two protocols to/from the hosts be sufficient? Assuming of
> course
> the customer's host isn't using that normally.
Unfortunately, that probably won't work for very long, if at all.
First, it's kinda difficult to guarantee your customers will not use
a protocol.
Second, unless you have deep packet inspection, what is to stop the
spammer from using, say, port 80 for their tunnel?
Third, what's to stop them from using SSH tunnels?
Etc., etc., etc....
--
TTFN,
patrick
