At 01:42 AM 5/24/2004 -0400, you wrote:
From: Tim Meadowcroft <tim(_at_)schmerg(_dot_)com>
Subject: Tarpitting and SpamCannibal (was Re: Brainstorming RFROM variants)
Date: Sat, 22 May 2004 13:06:45 +0100
On Saturday 22 May 2004 00:54, Seth Goodman wrote:
The qsmtpd list has had much discussion of the "spamcannibal" approach
in which your MTA informs your firewall to drop a random half of the
packets arriving on this eschewed connection.
Sounds interesting. What can you tell us about this?
****************** REPLY SEPARATER ******************
I have set up 2 "honey pots" that feed a black list server. This particular
setup is effective against the "hijacked" machines on a broadband
connection spewing out garbage. When I set them up, I considered delaying
the packet acknowledgements but that seemed counter productive. The system
was more effective when the spammer was encouraged to use all the IP
addresses in his/her arsenal. I have encountered as many as 57 different IP
addesses used in a single spamming attempt. This morning, the Black List
server has 2,218 different IP addresses that have been used in the last 18
hours. This is unusually high, as it normally runs around 1,500, and
sometimes as low as 900.
J.A. Coutts