ietf-asrg
[Top] [All Lists]

Re: [Asrg] Dictionary Attacks

2008-11-19 10:30:11
Richard Golodner <rgolodner(_at_)infratection(_dot_)com> wrote:

Rich K is asking the correct question that all op's should be asking
every day, what can be done to remove the need for all of the abuse
reports?

   Indeed, that is the question operators should ask themselves on any
day they deal with more than a handful of valid abuse reports. But that
is not what this list is for. This list is for research topics in spam
abatement.

Run a tight net and conform to the bcp's. We all know what works and
what does not.

   Well, I don't know _anything_ that works against spam _to_ <abuse>
resulting (I guess) from dictionary attacks on domains I manage by
clueless spammers. I myself receive few enough of these that I sort
all <abuse> email (for any domain) into yet-another-identified-spam
mailbox. I am not looking for advice on how to "improve" on this,
because it's well beyond 100:1 spam and I _want_ to empty my spam
mailboxes daily.

It is time that we look at our nets and identify the problematic
parts of the overall design and re-engineer them so they are under
a greater degree of control.

   Myself, I don't feel that need -- I can't remember the last time
I had to deal with more than one arguably-legitimate abuse report
per day. But if anyone here wants to discuss _research_ into how to
do this better, I'm happy to discuss it.

We design and build out the topology, we should all have had enough
experience to address what we know will be problematic in the
network and do all that is possible to keep these problems to a
minimum.

   This is true of many smaller ISPs and IS managers; I'm not sure
if it's true of larger ISPs. Unfortunately, the failings of larger
ISPs create pressure on smaller ISPs and IS managers to "route
around" these failings. I like to believe there are things we could
do to make it easier for large ISPs to deal with these problems
themselves.

--
John Leslie <john(_at_)jlc(_dot_)net>
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg