bill at herrin.us
Wed Feb 24 15:48:48 UTC 2010
On Wed, Feb 24, 2010 at 8:21 AM, Rich Kulawiec <rsk at gsp.org> wrote:
> On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote:
>> But if the origin domain has not provided SPF records, there are some
>> unusual cases left open, where a bounce to a potentially fake address
>> may still be required.
> Nothing stops an
> attacker from using a throwaway domain to send traffic to known
> backscatterers, who will then backscatter it to $throwawaydomain,
> whose MX's are set to $victim's MX's.
So? You, I and everyone else these days are no longer running open
relays. You don't host $throwawaydomain so the session will end at the
rcpt command. If someone merely wants to DDOS your server there are
far easier ways.
> it's never appropriate to respond
> to abuse with abuse.
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
More information about the NANOG