DoS of spam blackhole lists
Hi, Considering that it appears that spammers are now resorting to DoS'ing sites that host spam lists, wouldn't now be a good time to investigate the possibilities of a distributed, or at least, load balanced blacklist provider? Even something as simple as round-robin DNS with sufficient nodes (couple of hundred?) should be enough to make such attacks highly inefficient and far, far less likely to be effective. Of course, with round robin DNS, one can target the DNS servers. Would this make for an interesting community project? Any comments appreciated. -- Andrew G. Thomas Hobbs & Associates Chartered Accountants (SA) (o) +27-(0)21-683-0500 (f) +27-(0)21-683-0577 (m) +27-(0)83-318-4070
On Fri, 29 Aug 2003, Andrew Thomas wrote:
Considering that it appears that spammers are now resorting to DoS'ing sites that host spam lists, wouldn't now be a good time to investigate the possibilities of a distributed, or at least, load balanced blacklist provider?
That's an interesting reaction to the problem. Here's a better idea: a) admit that your stupid, self-appointed-netcop blacklists and self-righteous spam projects are inherently flawed, and are generally populated by spam reports made by clueless idiots that don't realize they are reporting forged and/or incorrect addresses. The net effect is that a lot of innocent bystanders/IP-blocks/ISPs waste a lot of time dealing with your self-righteous crusader projects. b) realize that the distributed method you suggest already exists - it is called procmail(*). Please spend your sophomore year working on something besides "self-appointed-spam-netcop-site-of-the-week". (*) or you could setup a dummy email account on all web-published documents, and delete any email that arrives in both mailboxes, or you could implement a challenge/response mechanism for all new senders. All three mechanisms mentioned are distributed, independent, and don't require some asshole swooping in to save us with his miraculous spews database. ----- John Kozubik - john@kozubik.com - http://www.kozubik.com
John: ...
a) admit that your stupid, self-appointed-netcop blacklists and self-righteous spam projects are inherently flawed, and ... Please spend your sophomore year working on something besides "self-appointed-spam-netcop-site-of-the-week". ... ..., and don't require some asshole swooping in to save us with his miraculous spews database. ...
I fail to see how the above is at all necessary in responding to the statement. Either a) an explanation, or b) a link to an explanation as to why you have these opinions would have been far more useful than the above troll.
b) realize that the distributed method you suggest already exists - it is called procmail(*). Procmail serves no purpose by itself. It requires no small amount of effort on the part of the administrator to utilise for any type of systems implmentation, and thus administrators with limited time (common in smaller companies) will rather rely on (flawed) projects than self-initiated implementations.
(*) or you could setup a dummy email account on all web-published documents, and delete any email that arrives in both mailboxes, or you could implement a challenge/response mechanism for all new senders. All three mechanisms mentioned are distributed, independent
The above is useful information. Specifically, the recognition of duplicate mail receipts is a concept that is new to me, though that would require that both email addresses would receive an equal amount of 'publicity' on newsgroups, mailing lists, etc in order that they are both acquired by a potential spammer. The latter idea I have heard before. If you have a preferred implementation however, which one it is and why is information that I would find useful. A. -- Andrew G. Thomas Hobbs & Associates Chartered Accountants (SA) (o) +27-(0)21-683-0500 (f) +27-(0)21-683-0577 (m) +27-(0)83-318-4070
participants (2)
-
Andrew Thomas -
John Kozubik