North American Network Operators Group
Re: How do you stop outgoing spam?
On Mon, Sep 09, 2002 at 06:15:12PM -0700, firstname.lastname@example.org said:
>
> Rafi Sadowsky wrote:
> > Maybe I'm missing something obvious but how do you get rate-limiting per
> > TCP *flow* with Cisco IOS?
>
> There is something called flow-based RED (FRED) but it consumes a whole
> lot of memory because you have to keep track of lots more state. I
> don't know about that code. At the least what you can do is use the
> rate-limit command and rate limit *all* outbound TCP/80 traffic (or for
> that matter all access-list captured traffic). Now, doing so will make
> any but the most trivial outbound TCP/80 absolutely painful, and will
> cause tail drop. See Cathy Wittbrodt's work in this space, which was
> presented at NANOG some time ago.
>
> Note, I'm not saying you should *do* this. It may be going a bit too
> far for anti-spam.

Exactly. If operators as a group would just take the most elementary of
steps to decrease spam (along the lines Paul suggested), the effects would
be so significant that I think we wouldn't be worrying about HTTP spam
traffic (at least for the time being). The fraction of spam traffic that
runs over HTTP rather than SMTP is, I suspect, rather small. If anybody has
numbers on this, I'd be interested in hearing them one way or the other.

--
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui