Yet another address harvesting analysis idea

• Previous message (by thread): Yet another address harvesting analysis idea
• Next message (by thread): OT: co-lo DC Metro area non-rack-mount box?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

Michael.Dillon at radianz.com wrote:

> In order to truly secure the net against spammers we would 
> need to secure both the email system and the DNS system.
> I use the word "system" in the context of General Systems Theory,
> to refer to everything connected with
> the transport of email across the Internet including the users, their
> interfaces, the MUAs, the MTAs and the protocols. Similarly for DNS, I
> include things like the domain name registries and registrars 
> and their policies.

And we would need to protect the edges so that spammers can't just
announce some netblock and spam the hell out of you, retract the
announcement and are clean like babies (after washing them ;)

For instance atm in IPv6 some entity is announcing 2001:248::/32
from a Japanese ASN, with a sole upstream AS in Hungary.
I also saw a deallocated 6bone block trying to be used for
circumventing a firewall rule, announcing the old block and
hope the stupid admins didn't remove the old allow rules

For the above to happen we really need a good filtering system
in place allowing the router to decide if an announced prefix
is really valid and if it really belongs to the originator and
that the originator is allowed to announce it.
ORF is a start but that only works between two boxes and basically
tells the peer which prefixes you want to accept, then you will
still need to configure that on every single router. What we
really need is a way of inserting a prefixfilterlist into BGP,
thus when a new allocation comes up that allocation can be added
to the list quickly and announced per BGP.
Things like trusting the source ASN is then another
step. Unfortunatly we cannot control the complete internet as
there will always be rogue operators, but we can make the best
of it and try to exclude those networks from doing harm to
the rest of the world. It's all about trust and sometimes
that is a hard thing to find in this world.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen at unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP3f8iymqKFIzPnwjEQKXNgCglwKpTKCvip3oHmzG8zQVJpjGlysAoL+P
8max7MvVTwjBzbHenBXMm3Fl
=umvL
-----END PGP SIGNATURE-----

• Previous message (by thread): Yet another address harvesting analysis idea
• Next message (by thread): OT: co-lo DC Metro area non-rack-mount box?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]