How do you stop outgoing spam?
Brad Knowles
brad.knowles at skynet.be
Tue Sep 17 18:22:50 UTC 2002
At 1:51 PM -0400 2002/09/17, Greg A. Woods wrote:
> No, Dave's second sentence is not true, thus his conclusion is bogus.
Dave was talking about "normal" TCP connections, and I was
following the same model.
If you're talking about hi-jacking the TCP connection, then you
are correct.
> If you're talking about commercially available product, perhaps....
>
> However this kind of thing is trivial with basic IPsec gateways and
> simple filtering ala IP Filter, etc.
How many ISPs use IPsec gateways and simple filtering with tools
like IP filter? How scalable is this sort of thing? Could AOL do it
with dozens or hundreds of OC-48 and OC-96 links? How long would it
take to fix all the ISPs in the world that might potentially do
transparent proxying of port 25? And where is the intelligence to
selectively forward only those connections that are themselves
encrypted and authenticated?
--
Brad Knowles, <brad.knowles at skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
More information about the NANOG
mailing list