
nanog mailing list archives

RE: Stealth Blocking
From: <jlewis () lewis org>
Date: Wed, 23 May 2001 23:10:58 -0400 (EDT)


On Wed, 23 May 2001, Roeland Meyer wrote:

> I hate to be pedantic here, but from your own email and what other sources
> have told me, this is inaccurate. MAPS does NOT do pre-emptive open-relay
> testing. I consider this to be a very important distinction. If I thought
> this was the case, I would stop using MAPS five minutes ago.

What's so bad about pre-emptive open-relay scanning?  What's the
difference between an open-relay found/used by a spammer and added to the
RSS and an open-relay found by pre-emptive scanner and added to the RSS?
Both sites are likely sources of relay spam.  I recently upgraded a busy
set of mail servers from using only the DUL to the DUL/RBL/RSS, and the
number of messages being rejected/day has gone up about 20x.  I still get
relay spam and report a handful of open relays to MAPS every day.  If
there were a list like ORBS run more the way MAPS is run, I'd probably
give that a try too.

The only complaint I have about MAPS is that recently someone has been
making some SWAGs regarding what blocks of our IP space are dial-ups and
whoever oversees the DUL has added blocks of non-dial-ups apparently
blindly, causing trouble for our customers and support calls to our NOC.

--
----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


