Home page logo
/

nanog logo nanog mailing list archives

RE: Stealth Blocking
From: Roeland Meyer <rmeyer () mhsc com>
Date: Thu, 24 May 2001 17:49:54 -0700




From: Mitch Halmu [mailto:mitch () netside net]
Sent: Thursday, May 24, 2001 2:48 PM

On Thu, 24 May 2001, Matt Cramer wrote:

I will give you a solid reason why we won't try this, quoting 
research 
with POP-before-SMTP conducted by the founder of MAPS TSI, 
Chip Rosenthal 
http://users.laserlink.net/~chip/relay-pres-9910/

You don't have to believe me that our clients will not accept 
that, take
his words instead:

"Our users hated it - particularly those using MS Outlook"

No need to describe what happens when your clients hate your 
service...

On that same page, I found this very interesting. The part about false
positive, to normal relay testing, got my attention.

Guys, there are more cases that may look like an open relay, but really
aren't.

<quote>
Escalating Credentials
Curently deployed in Laser Link network

Amalgamation of two mechanisms:

POP-before-SMTP

Rate limiting

Count mail from originating IP address

...

Disadvantages:

Complex implementation

Will users accept upper limit?

False positive to conventional relay testing
</quote>




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault