nanog mailing list archives

Re: Stealth Blocking
From: Mitch Halmu <mitch () netside net>
Date: Thu, 24 May 2001 14:05:16 -0400 (EDT)

On Thu, 24 May 2001, Dave Rand wrote:

> The MAPS RSS(sm) is a list of open relays *which have been abused*.  These
> are sites which have been reported to MAPS as open relays, and have spam
> samples.  Once the spam has been verified, a test is performed to verify
> that the site is, indeed, an open relay.  If a sample message is accepted,
> and then returned by the site as a relay, the host is listed.  Removal from
> the RSS requires that the host no longer relays.  Automated probes are never
> done - a human must request the test, and spam must be available.  Because
> of the very large number of hosts listed (around 100,000 as I write this),
> it's generally used in DNS mode only.  It's pretty easy to get a host which
> is an open relay that has transmitted spam onto the list.  Between 100 and
> 1,500 hosts per day are added, and hundreds per day are taken off (as soon
> as they let MAPS know that the relay has been closed).

Very interesting statistics. It gives you a clear picture of the magnitude
of the squeeze. Now I understand why such a heavy hammer was needed at the
helm full-time. Supposing that 100,000 server owners plus those forcibly
're-educated' get together and do something about it, like scream, or jump
off a 12-inch stool, or donate $10 each, would they be able to shake Dave
off his high horse? How about if they also rally their users that were 
suddenly cut off?

The collateral damage in blocking 100,000 hosts is simply unacceptable.
Especially because there are only a few hundred die-hard professional
spammers that need to be rooted out, and the problem diminishes, or at
least becomes manageable in another way. As an ISP, I have yet to see
a list of black sheep compiled consisting of individuals, spam companies, 
or credit cards used to defraud that should not be subscribed. Banks
share such information, why can't ISPs?

No matter how noble the cause, the methods are wrong. In all the debate, 
it was perhaps lost that no viable technological solution to roaming, 
meaning one that is happily accepted by the end user, exists yet. And 
please don't mention SMTP Auth, it's not perfected yet.

