On Thu, Sep 25, 2003 at 01:08:44PM -0400, Chris Lewis wrote:
1) What's to prevent the DDOS attackers from DDOS'ing the DNS servers
serving up the ranges they're spamming from? I sense yet another
business opportunity for the DDOSers - "pay us to blow the brains out of
your ISP's DNS servers!"
What do they gain?
If the defaults are correctly adjusted, none of the emails will go
through, because no answer = don't accept.
3) How are you going to get the ISPs to provide "OPEN PROXY" TXTs? Have
them scan their own IP ranges? If they're doing that, they should shut
'em _off_ instead [+]
I am currently writing a draft. I hope to finish it up next week.
The idea is to to have TXT records in revDNS that say
MTA=yes or MTA=no
that way the admin of the in-addr.arpa block has a way to tell others
whether this IP is intended to be a MTA or not. This not only helps
reduce spam but also viri that come with their own SMTP module and
spit their garbage out.
IMHO one big problem whith spam and viri currently is the anarchistic (sp?)
nature of the Internet.
In priciple everyone can put a sending "MTA" on every IP address and
contact any receiving MTA. The receiving MTA has no real chance to
identify whether the sending partner is the postman or a bad guy.
History shows that you can't depend on the "admins" of the computers
to keep up with security patches, antigenes for viri or even reading a
manual. So if they fail the complicated task to secure the computer,
give them an easy way to tell the world "regardless what this host does,
I don't want it to send emails across the Internet".
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg