ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 2. Improving Blacklists and Reputation Services

2004-02-12 05:13:39
from [Jose Marcio Martins da Cruz] [Permanent Link] 
Eugene Crosser wrote:

On Wed, 2004-02-11 at 20:02, Jose Marcio Martins da Cruz wrote:
This may indicate that many spam is sent by a distributed system of workers, and not by open relays.
If this is the case, and if this kind of way continues - the tendance will be to have more and more IP addresses to be inserted on blacklists. 



From our experience, great majority of today's spam comes from a

distributed system of *zombies*, i.e. home and office workstations that
where trojened by some kind of virus.  Because this set of dangerous
machines is very dynamic (new ones get infected, old ones are healed by
antivirus programs), I think that blacklist approach is not effective
and should not be used to address this problem.
Yes, that's what I was thinking about. Open relays usually may remain much longer on blacklists than zombies, as the problem on the first case comes from MTA configuration. Zombies are used for very short time. So, blocking zombies IP address shall be very quickly and can be removed faster than open relays. I agree with you when you say blacklists shall not be used to address zombies problems. 

But if we agree that great majority of spam comes from zombies, why
should we continue to use blacklists.

We use blacklists and we have one DNS server serving rbl requests.
named process in this machines eats almost 900 MBytes of memory. Sure,
memory is cheap, disk is cheap, bandwidth is cheap - but ther's a
limit if blacklists are less efficient than other methods.

Or maybe I'm wrong.




OTOH, LMAP looks very promising against this kind of trouble, if widely
deployed.

Eugene


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg






--
 ---------------------------------------------------------------
 Jose Marcio MARTINS DA CRUZ           Tel. :(33) 01.40.51.93.41
 Ecole des Mines de Paris              http://j-chkmail.ensmp.fr
 60, bd Saint Michel                http://www.ensmp.fr/~martins
 75272 - PARIS CEDEX 06      
mailto:Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 2. Improving Blacklists and Reputation Services, Eugene Crosser
Next by Date:  Re: [Asrg] 2. Improving Blacklists and Reputation Services, Daniel Feenberg
Previous by Thread:  Re: [Asrg] 2. Improving Blacklists and Reputation Services, Eugene Crosser
Next by Thread:  Re: [Asrg] 2. Improving Blacklists and Reputation Services, Daniel Feenberg
Indexes:  [Date] [Thread] [Top] [All Lists]