At 04:42 14-01-2009, Rich Kulawiec wrote:
> And second, have you (rhetorical you) been paying attention to the
> origination points of the vast majority of attempted malware deliveries
> over the past decade? They're coming from places like this (seen within
> the last hour here):
>
> 11.red-81-43-100.staticip.rima-tde.net [81.43.100.11]
> 12-216-204-70.client.mchsi.com [12.216.204.70]
> 122-82-124-91.pool.ukrtel.net [91.124.82.122]
> 1809ds4-fb.0.fullrate.dk [90.184.161.72]
> 78-0-202-32.adsl.net.t-com.hr [78.0.202.32]
> 89-180-255-125.net.novis.pt [89.180.255.125]
> cable-87-116-168-96.dynamic.sbb.rs [87.116.168.96]
> cpe-69-133-71-112.columbus.res.rr.com [69.133.71.112]
> ip-90-187-210-98.web.vodafone.de [90.187.210.98]
>
> Do you think any of those are actual mail servers? Do you think that
> any of them actually are running an SMTP engine which does something
> with rejected traffic? Do you think that any of them are running an SMTP
> engine which even *notices* rejected traffic?

A few of them may be actual mail servers. Not all of them may be
listening for SMTP connections. A negligible number of them may do
something about rejected traffic.

Some people find it easier to block SMTP traffic from such
origination points than to put in the resources to handle them. If
we are looking for an identifier which says that "this IP address may
originate SMTP traffic", then it's better to invent one than to rely
on hostnames.

Regards,
-sm
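
The hostname-based classification discussed in this exchange, as an added example that is not part of either message: it checks whether a PTR name encodes its own IP address or carries an access-network keyword, run over the nine pairs quoted above. The keyword list and function names are assumptions made for illustration; the one host neither test catches shows why a hostname is a weak identifier for "may originate SMTP traffic".

```python
import re
from collections import Counter

# The (PTR name, IP address) pairs quoted in the message above.
SAMPLES = [
    ("11.red-81-43-100.staticip.rima-tde.net", "81.43.100.11"),
    ("12-216-204-70.client.mchsi.com", "12.216.204.70"),
    ("122-82-124-91.pool.ukrtel.net", "91.124.82.122"),
    ("1809ds4-fb.0.fullrate.dk", "90.184.161.72"),
    ("78-0-202-32.adsl.net.t-com.hr", "78.0.202.32"),
    ("89-180-255-125.net.novis.pt", "89.180.255.125"),
    ("cable-87-116-168-96.dynamic.sbb.rs", "87.116.168.96"),
    ("cpe-69-133-71-112.columbus.res.rr.com", "69.133.71.112"),
    ("ip-90-187-210-98.web.vodafone.de", "90.187.210.98"),
]

# Assumed keyword list for illustration; no standard defines these labels.
GENERIC_LABELS = {"dynamic", "pool", "adsl", "dsl", "cable", "cpe",
                  "client", "res", "dhcp", "ppp"}

def embeds_ip(hostname, ip):
    """True if every octet of ip appears as a numeric token in hostname.

    Order is ignored, so forward, reversed and split encodings all match.
    """
    octets = Counter(int(o) for o in ip.split("."))
    tokens = Counter(int(t) for t in re.findall(r"\d+", hostname))
    return not (octets - tokens)  # empty Counter: all octets accounted for

def generic_labels(hostname):
    """Return the assumed access-network keywords present in hostname."""
    return GENERIC_LABELS & set(re.split(r"[.-]", hostname.lower()))

def looks_generic(hostname, ip):
    """Combined heuristic: IP encoded in the name, or a keyword label."""
    return embeds_ip(hostname, ip) or bool(generic_labels(hostname))

def missed(samples):
    """Hosts from the sample that the hostname heuristic does not flag."""
    return [h for h, ip in samples if not looks_generic(h, ip)]

if __name__ == "__main__":
    for host, ip in SAMPLES:
        verdict = "generic" if looks_generic(host, ip) else "NOT FLAGGED"
        print(f"{verdict:12} ip-in-name={embeds_ip(host, ip)!s:5} "
              f"labels={sorted(generic_labels(host))} {host}")
```

The first entry is flagged even though its name says `staticip`, so the same test that catches dynamic pools would also flag a statically addressed host that might be a real mail server.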