Dean Anderson <dean(_at_)av8(_dot_)com> wrote:
You have no basis for concluding that their recieving "ICMP port
unreachable" means that they actually tried connecting to you.
As I said, how about watching the packets go out of my box?
So there is no reason to think they are trying to send you spam.
Other than the umpteen connections/s to port 25 on my machine. No,
no reason to think they're trying to send me spam.
If __they__ were sending you thousands of spam connections, and getting
thousands of port unreachables back, they would first notice the
additional CPU load on their server due to the many processes attempting
to connect to you. They would next notice the equally large number of TCP
SYN packets coming from their server. Apparently, they didn't find this,
and so the contacted you.
I count at least 3 assumptions in that paragraph.
Now possibly one person would notice Unreachables, and not look to see if
they were sending SYNs. But you indicated that not just a few, but _MANY_
people made this same "mistake".
Read the web page. It's "a steady trickle". More than one, and
less than 10.
Further, To prove your claim, __you__ would need logs indicating that they
actually tried connecting. Where are the SYNs from their server? But you
have no such specific logs, or don't claim you do in those cases.
I have the data, you don't. I'm sorry that this upsets you.
Spammers aren't calling you complaining that you should not to send them
ICMP unreachables. What lunacy
Exactly. I never claimed that.
At this point, I have to ask: Are you for real, Dean?
Alan DeKok.