|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Stealth Blocking
On Thu, 24 May 2001 09:46:19 PDT, "Eric A. Hall" said: > TCP rate-limiting on outbound traffic to *:25 would also be extremely > effective, particularly on unclassified customer traffic, and without the > heavy-handed nature of denying all dial-up traffic. Rate-limiting doesn't > interfere with low-volume legitimate mail, but it really cramps spam. I've seen a number of opinions that it doesn't do squat to cramp spam. Remember that the spammer is handing the "open" relay one piece of mail with zillions of RCPT TO:s - rate limiting the outbound just means that the zillions of recipients sit in *your* queue that much longer. Also, I have heard from multiple sources that the spammers are well clued enough to utilize multiple relays in parallel - if you rate limit to 1/N of bandwidth, they just use N relays at the same time. The problem is that you shoot YOURSELF in the foot by DOS'ing yourself by the time you get N cranked high enough to do any serious damage to the spammer.... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Attachment:
pgp00058.pgp
|