North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Barracuda Networks Spam Firewall

  • From: Valdis.Kletnieks
  • Date: Tue May 18 16:10:53 2004

On Tue, 18 May 2004 15:48:28 EDT, "Christopher X. Candreva" <[email protected]>  said:

> What would your auditor think about your secondary MX being used as a DOS 
> amplifier because it sends out thousands of bogus bounces to forged 
> addresses  ?

You're missing the main point - that sometimes things are done in ways that are
sub-optimal or even pessimal from the technical standpoint, because some other
consideration interferes.  Yes, it *would* be nice if everybody in the world
was able to DTRT on their outward-facing gateway and send back an immediate 550
on a RCPT TO: in order to stop stuff right up front.  However, this implies
getting buy-in and resources of all the appropriate people.

I'm sure *everybody* has had at least one Good Idea either totally shot down or
mutated beyond recognition because it wouldn't pass auditors (either internal
or external), or because it involved purchasing from Company X because X is the
only one with the feature support, but you'll never get that purchase order
approved by the "it must be Company Y gear" manager, or because deploying it
would involve getting buy-in from somebody in applications development, and
they don't understand why the urgency on this new feature you need them to

Attachment: pgp00026.pgp
Description: PGP signature