IPv6 isn't SMTP
Blake Hudson
blake at ispn.net
Thu Mar 27 19:36:14 UTC 2014
Barry Shein wrote the following on 3/26/2014 11:24 PM:
>
> Some will blanche at this but the entire spam problem basically arose
> from the crap security in Windows systems, particularly prior to maybe
> XP/SP2.
>
> Not sure where all that leads us, however. Better security at those
> major exploitation points, in a nutshell.
>
> And if someone disagrees then please tell me how spammers as we know
> them (and related miscreants) can operate without these few sources of
> purloined resources.
>
> Preferably without a big hand-wave like "oh they'll just find
> something else!"
>
> Maybe not!
>
You're largely right. Botnets are a big source of spam. As a mail server
operator, they're the biggest source that I see. They're also easy to
block through a number of means (The ISPs they're located on often block
port 25, PBL (or similar), rDNS, and other behavior). It sounds like it
will likely be a similar matter of blocking residential botnet
participants on IPv6 due to the fact that residential ISPs will likely
apply similar port 25 policy to IPv6 as they do to IPv4 and no rDNS.
However, as more attention is being payed to secure these end stations,
spammers are looking at alternative avenues. In recent years, they've
been harvesting user credentials through various means and then
exploiting these compromised accounts to send email through otherwise
legitimate servers. These are the spam messages that are hard to block.
And these may be the areas where reputation based services will not be
able to keep up in an IPv6 landscape. At least this concentrates the
sources of spam (from my server's vantage point) and reduces the attack
surface so that the problem is likely addressed more quickly and by
someone with a higher level of knowledge than the average (unknowing)
botnet participant.
Unfortunately, I can't keep Suzie teenager or Joe grandpa from giving
his or her password out to a phisher. Fortunately, I can place
reasonable limits on their accounts and the number of messages they're
allowed to send or the rate at which they're allowed to send messages.
If everyone else would just do the same we'd be a lot better off against
this kind of attack.
--Blake
More information about the NANOG
mailing list