[Top] [All Lists]

Re: DoS attacks (was Re: SMTP Transferred-By-Reference)

2007-11-16 16:37:39

My opinion:

Spammers get more credit than they deserve.

The majority are small organization snake-oil sales people dealing in a very small margin/high volume business model. They don't wish to waste expense on any R&D SMTP cracking team. They use free ware, brain-dead bulk mailers, scripts engines, some of which are ironically written by career IETF participants. The better ones might get specialized bulk mailer/statistic software, but overall, their best offense is no offense - do nothing - work in legacy mode and/or compliant with the expectations.

Also, in lieu of bugs, everyone with serious server systems already has a DoS, smtp related or otherwise, loading limit and/or self-regulating controls in their software.

I see these loading-based DoS points as a non-issue.


Hector Santos, CTO

Glenn Anderson wrote:

At 12:01 am -0500 16/11/2007, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Fri, 16 Nov 2007 14:46:29 +1300, Glenn Anderson said:

 I don't believe it to be a simple problem for the spammers and bot
 architects to solve. Not only do they need to start keeping track of
 state, they need to keep track of a lot of state (the volume of
 messages they are trying to send is huge), which requires a lot more
 resources, and they need to manage CPU and network resources such
 that they are available for them to retry later.

Oh, hogwash.

Years ago (1995 timeframe), I was able to do a million RCPT TO's/day from a listserv machine, using Sendmail on an IBM RS6000-250. Little pizza box, 256M
of memory, a whole whopping 66mz 601E processor.

I don't follow. Your saying that because you could send a million RCPT TOs on a 66MHz 601 back in 1995, the extra overhead of having to track state information won't negatively impact the rate at which bots can attempt to send spam?

If spammers can't write code
tight enough to do so un-noticed on today's consumer boxes, there's something
*seriously* wrong.

I don't see how that makes any difference, unless you have some reason to believe that current bots that don't track state are very inefficient, or aren't utilizing as much CPU and network bandwidth as they could be.