1) What's to prevent the DDOS attackers from DDOS'ing the DNS servers
serving up the ranges they're spamming from? I sense yet another
business opportunity for the DDOSers - "pay us to blow the
brains out of
your ISP's DNS servers!"
The effect of the attack is limited to the one ISP and creates something of
an immediate incentive for the ISP to work out which of their customers is
responsible.
The current situation means that it only takes one spammer to commission a
DDoS attack and no information is available for any source.
I find the 'what is to prevent' argument unhelpful when analysing the likely
impact of an attack. The point is not to make the attack harder to mount,
the point is to reduce the impact.
2) This treats only one current aspect of the spamming issue.
We don't
want to block residential IPs per se, we want to block
spam[+]. Might
as well have ISPs TXT-label their appropriate blocks as "SPAM
SOURCES".
Currently my ISP is blocking outgoing port 25 connections entirely. I would
rather have a situation where I can send email but the receiver was aware of
the nature of its origin.
3) How are you going to get the ISPs to provide "OPEN PROXY"
TXTs? Have
them scan their own IP ranges? If they're doing that, they
should shut
'em _off_ instead [+]
I did not discuss open proxies.
It is clearly a good thing if ISPs know what their customers are up to. But
this proposal is independent of any port scanning.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg