Stealth Blocking

• Previous message (by thread): Stealth Blocking
• Next message (by thread): Stealth Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 24 May 2001 09:46:19 PDT, "Eric A. Hall" said:
> TCP rate-limiting on outbound traffic to *:25 would also be extremely
> effective, particularly on unclassified customer traffic, and without the
> heavy-handed nature of denying all dial-up traffic. Rate-limiting doesn't
> interfere with low-volume legitimate mail, but it really cramps spam.

I've seen a number of opinions that it doesn't do squat to cramp spam.

Remember that the spammer is handing the "open" relay one piece of mail
with zillions of RCPT TO:s - rate limiting the outbound just means that
the zillions of recipients sit in *your* queue that much longer.  Also,
I have heard from multiple sources that the spammers are well clued
enough to utilize multiple relays in parallel - if you rate limit to
1/N of bandwidth, they just use N relays at the same time.  The problem
is that you shoot YOURSELF in the foot by DOS'ing yourself by the time
you get N cranked high enough to do any serious damage to the spammer....

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 211 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20010524/aacb2e55/attachment.sig>

• Previous message (by thread): Stealth Blocking
• Next message (by thread): Stealth Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]