ietf-asrg

Re: [Asrg] Tarpitting

2008-08-06 15:46:25
Alessandro Vesely wrote:
        [..]
And what about filtering blacklisted IPs at the firewall level, i.e. blocking (reject, drop, or tarpit) their syn requests? Is it better than letting spammers consume our mailer daemon resources?

Perhaps a little tangential, but back in 2006/2007 I had a student
implement a scheme for randomised reject/drop of inbound SYN based on
blacklists (http://caia.swin.edu.au/stockade/). A cute (although not
yet proven useful) aspect of our system was that we did the reject/drop
of TCP SYN from origin Y with a certain probability X that faded over time T.
Time T was measured from the last time we 'saw spam' from origin Y. This
amounted to an auto-rehabilitation of blacklisted origins, so that false
positives for 'saw spam' wouldn't have negative impact for more than
<some configurable number> of minutes. (I'm not sure if our software's ever
been used elsewhere, however.)

cheers,
gja

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
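
The fading drop probability described in the message above, sketched as an added example; it is not the Stockade code and not part of the original post. The linear fade, the 0.9 starting probability, the 30-minute window and every name here are assumptions, since the post does not give the decay function.

```python
import random


class FadingBlocklist:
    """Per-origin SYN drop probability X that fades over time T since spam was last seen."""

    def __init__(self, p_initial=0.9, fade_seconds=1800.0, rng=None):
        self.p_initial = p_initial        # assumed X at the moment spam is seen
        self.fade_seconds = fade_seconds  # assumed window after which X reaches 0
        self.rng = rng or random.Random()
        self.last_spam = {}               # origin IP -> time spam was last seen

    def saw_spam(self, origin, now):
        # Each new sighting restarts the clock T for that origin.
        self.last_spam[origin] = now

    def drop_probability(self, origin, now):
        seen = self.last_spam.get(origin)
        if seen is None:
            return 0.0
        elapsed = max(0.0, now - seen)
        if elapsed >= self.fade_seconds:
            # Auto-rehabilitation: the origin falls off the list by itself.
            del self.last_spam[origin]
            return 0.0
        # Assumed linear fade from p_initial down to 0.
        return self.p_initial * (1.0 - elapsed / self.fade_seconds)

    def on_syn(self, origin, now):
        # "drop" stands for either action in the post (silent drop or reject).
        p = self.drop_probability(origin, now)
        return "drop" if self.rng.random() < p else "accept"


def drop_fraction(blocklist, origin, now, trials=10000):
    """Fraction of simulated SYNs from origin that are dropped at time now."""
    drops = sum(blocklist.on_syn(origin, now) == "drop" for _ in range(trials))
    return drops / trials


if __name__ == "__main__":
    bl = FadingBlocklist(rng=random.Random(1))
    origin = "192.0.2.10"  # constructed sample address (documentation range)
    bl.saw_spam(origin, now=0.0)
    for t in (0, 450, 900, 1350, 1800):
        print(f"t={t:>4}s  dropped {drop_fraction(bl, origin, t):.2%} of SYNs")
```

A false positive for "saw spam" therefore costs the origin at most `fade_seconds` of degraded connectivity, and less as time passes.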
