ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: draft-schlitt-spf-classic-01.txt

2005-06-08 13:28:20
from [Dean Anderson] [Permanent Link] 

On Wed, 8 Jun 2005, Alan DeKok wrote:



Dean Anderson <dean(_at_)av8(_dot_)com> wrote:

Alan, I think you misrember. And looking at www.striker.ottawa.on.ca just
now, I see you've been subject to reverse ping floods as well.


  Not surprisingly, you're missing a key point of information.  This
leads you to erroneous conclusions.

  FYI: At one point, I added FW rules to the box so that port 25 was
open for 5 of my closest friends, and would send ICMP Port
unreachables to everyone else.  While this may not have been the best
thing to do, it caught many idiots.

  "port unreachable" != "reverse ping flood"


You have no basis for concluding that their recieving "ICMP port
unreachable"  means that they actually tried connecting to you.  This 
packet is easily forged.

So there is no reason to think they are trying to send you spam. I did see
that you thought they were, __based on their logs__ (_Their_ logs have no
relevance to your claim)

Plainly, __their logs__ of ICMP unreachables don't mean they sent you
connections. You can't be that stupid. This is obstinancy.

If __they__ were sending you thousands of spam connections, and getting
thousands of port unreachables back, they would first notice the
additional CPU load on their server due to the many processes attempting
to connect to you. They would next notice the equally large number of TCP
SYN packets coming from their server.  Apparently, they didn't find this, 
and so the contacted you.

Now possibly one person would notice Unreachables, and not look to see if
they were sending SYNs.  But you indicated that not just a few, but _MANY_
people made this same "mistake". The law of numbers suggests that many
people would not make such a simple mistake.

Further, To prove your claim, __you__ would need logs indicating that they
actually tried connecting. Where are the SYNs from their server?  But you
have no such specific logs, or don't claim you do in those cases.

Just another demonstration of bad logic and irrationality.

But once again, you are ___still___ getting ___ABUSE___ 

This is not routine spam, as you keep insisting. Anti-spam techniques will
not stop people whose goal is abuse.

Spammers aren't calling you complaining that you should not to send them
ICMP unreachables.  What lunacy 


                --Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  draft-schlitt-spf-classic-02.txt, Douglas Otis
Next by Date:  Re: draft-schlitt-spf-classic-01.txt, Dean Anderson
Previous by Thread:  Re: draft-schlitt-spf-classic-01.txt, Alan DeKok
Next by Thread:  Re: draft-schlitt-spf-classic-01.txt, Alan DeKok
Indexes:  [Date] [Thread] [Top] [All Lists]