[94260] in North American Network Operators' Group
Re: Comment spammers chewing blogger bandwidth like crazy
daemon@ATHENA.MIT.EDU (Ian Mason)
Mon Jan 15 10:08:51 2007
In-Reply-To: <Pine.GSO.4.64.0701141919150.13184@clifden.donelan.com>
From: Ian Mason <nanog@ian.co.uk>
Date: Mon, 15 Jan 2007 15:01:58 +0000
To: nanog <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
On 15 Jan 2007, at 00:43, Sean Donelan wrote:
>
> On Sun, 14 Jan 2007, Tony Finch wrote:
>> I would expect the lists of compromised hosts to be fairly
>> effective -
>> open proxies of various kinds and perhaps botnet hosts. As for
>> SMTP the
>> blacklists would only be a starting point that either provide a cheap
>> preliminary check or feed a more sophisticated filtering system.
>
> If you allow anonymous, unauthenticated access to any system it will
> be abused. Auctions, blogs, chat, mail, phone, etc. IP addresses
> have never been good authenticators for applications.
This is not true if you control the IP address space and the routers
around it.
I mention this merely because "IP addresses have never been good
authenticators"
or the like is becoming a truism. For ISPs with good source filtering
in place
then IP addresses ARE good first level authenticators (e.g. filter lists
on management ports). Note: I say FIRST level authenticators; IP
addresses are
obviously not suitable as the whole authentication process.
> Sending confirmation E-mail addresses aren't that much better. And
> blacklists will just continue to grow longer.
>
> How do you know your user?
