
Re: [Asrg] Development of an object assessment format/protocol

2013-03-04 13:01:34
On 04/03/2013 18:28, Martijn Grooten wrote:
> Emanuele Balla (aka Skull) wrote:
>> Straight to the point: abusive URLs on legit domains. There's no
>> (easy/effective) way to encode an entire URL in a DNS request.
>> At least, that's the reason why I've been thinking about this topic for the last
>> 4 years... :-\
> Can't you just use HTTP for that?

Well, HTTP seems a bit 'heavyweight' for this to me. That's one of the advantages of DNS - it's UDP, so no packets to set up short-lived sessions. (Other advantages, AFAICS, are distributed caching, and widespread support)

I suppose you could keep an HTTP session open for a while, but you'd need a beefy server to handle the zillions of sessions you'd have to have open at once. DNS doesn't have 'sessions' so you don't have this problem.

OTOH, a disadvantage of DNS is that it's UDP, so you have to handle retries etc. yourself.

So, if you're looking at something like this, you need to first of all think UDP or TCP? UDP is easy & quick to have lots of packets flying around, but you have extra work to handle retries, and some of the benefit of UDP could be gained by just having long-lived sessions between reputation source and reputation checker. But, this may cause issues for servers and firewalls (could a typical server/firewall have hundreds of thousands of active TCP sessions? A NAT firewall would die quickly, but could a non-NAT firewall cope?)

If you decide UDP is the most efficient, then DNS is very attractive, because you already have distributed caching 'built-in' to the Internet infrastructure, but if we're willing to dump that capability, then I'm fairly sure we could come up with something with the suitable capabilities which would fit in a UDP packet size - once we can decide what the 'suitable capabilities' are...

If TCP is the way to go, then the world is your oyster, but I'd be concerned about speed and the server requirements. Anyone know how many queries someone like Spamhaus gets an hour?


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
Asrg mailing list
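The constraint Emanuele raises above (a full URL on a legitimate domain cannot be expressed as a DNS query name) is easy to see once the RFC 1035 name rules are written down. The following is an added example by the editor, not code from the thread or from any reputation service: it checks whether a URL can be carried literally as a query name under a blocklist zone, shows that a host-only lookup (the URIBL/SURBL style) cannot tell the legitimate homepage from an abusive page on the same domain, and, going beyond what the thread discusses, sketches a hash-digest query that does fit. The zone `uribl.example` and the two sample URLs are constructed for the demonstration.

```python
import hashlib
import re
from typing import Tuple
from urllib.parse import urlsplit

# RFC 1035 wire limits: each label is at most 63 octets and a whole name is at
# most 255 octets including length bytes, which leaves 253 text characters.
MAX_LABEL = 63
MAX_NAME = 253
# Conservative hostname alphabet (letters, digits, hyphen: the "LDH" rule).
LDH = set("abcdefghijklmnopqrstuvwxyz0123456789-")

# Constructed sample data (not real hosts or a real reputation zone).
ZONE = "uribl.example"
LEGIT_HOME = "https://legit.example/"
ABUSIVE_PAGE = "https://legit.example/user/uploads/invoice.php?session=" + "f" * 70


def dns_encode_literal(url: str, zone: str) -> Tuple[bool, str]:
    """Try to express host + path + query of `url` literally as labels under `zone`.

    Returns (True, query_name) when the URL fits the DNS name rules, otherwise
    (False, reason). This is the approach the thread says is not workable.
    """
    parts = urlsplit(url)
    tail = (parts.netloc + parts.path).lower()
    if parts.query:
        tail += "?" + parts.query
    # Dots and slashes both become label separators.
    labels = [seg for seg in re.split(r"[./]", tail) if seg]
    for label in labels:
        if len(label) > MAX_LABEL:
            return False, f"label {label[:16]!r}... is {len(label)} octets, limit is {MAX_LABEL}"
        bad = sorted(set(label) - LDH)
        if bad:
            return False, f"label {label!r} contains characters not allowed in a hostname: {bad}"
    name = ".".join(labels + [zone])
    if len(name) > MAX_NAME:
        return False, f"name is {len(name)} characters, limit is {MAX_NAME}"
    return True, name


def dns_encode_host(url: str, zone: str) -> str:
    """Host-only lookup: what existing URI blocklists actually query."""
    host = (urlsplit(url).hostname or "").lower()
    return f"{host}.{zone}"


def dns_encode_digest(url: str, zone: str) -> str:
    """Assumed workaround (not from the thread): query a SHA-256 digest of the URL.

    The 64-character hex digest is split into two 32-character labels so that
    every label stays under the 63-octet limit.
    """
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()
    return f"{digest[:32]}.{digest[32:]}.{zone}"


def same_host_lookup(url_a: str, url_b: str, zone: str) -> bool:
    """True when a host-only scheme would send the identical query for both URLs."""
    return dns_encode_host(url_a, zone) == dns_encode_host(url_b, zone)


if __name__ == "__main__":
    for url in (LEGIT_HOME, ABUSIVE_PAGE):
        ok, detail = dns_encode_literal(url, ZONE)
        print(f"literal  {url[:48]:<48} -> {'OK: ' if ok else 'FAIL: '}{detail}")
    print("host-only queries identical:", same_host_lookup(LEGIT_HOME, ABUSIVE_PAGE, ZONE))
    print("digest query:", dns_encode_digest(ABUSIVE_PAGE, ZONE))
```

Running it shows the homepage encoding cleanly while the abusive page is rejected on the first over-long path segment (it would also fail on `?` and `=`), and that the host-only query is identical for both URLs, which is exactly the "abusive URLs on legit domains" gap. The digest form fits the label and name limits, at the cost of requiring the checker to know the exact URL normalisation the reputation source used.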