Please quit feeding the trolls.
The past few years have shown several DDOS attacks aimed at subscribers of the NANOG mailing list. As soon as someone brings up nearly any subject, their thread is pulverised by no end of messages on 'why Paul Vixie is the antichrist', 'how ARIN ate my hamster', 'how ICANN is in league with the devil', or copious other similar byte arrangements. Though each attack is similar in nature, they are sufficiently different in byte content (but not semantic content) that they are hard to automatically filter.

The attack appears to work by overloading mailing lists with large amounts of mail messages with little relevance to the purpose of the group. During the attack, because of the large volume of superfluous messages, subscribers can no longer use the list for operational purposes.

Such attacks are invulnerable to source tracing, and filtering via .procmailrc access lists, as they appear to be spoofable from an almost infinite number of source mail addresses. Users around the world, who are not clue protected, can easily read one such message, and taken over by the idea they know something about one such subject, become zombies, and flood mailing lists with large quantities of trite or misguided rubbish.

Several solutions have been suggested, including border clue filtering. This would involve all ISPs preventing clueless users from sending emails. However, this has proved impractical to implement. Apparently some ISPs may have clueless staff.

A second suggestion is 'blackholing' mailing lists whilst they are under attack. This can be achieved by simply not reading messages posted to the list during the period of attack, or setting a .procmailrc to redirect to /dev/null. However, this has the side-effect of dropping operational traffic as well.

Whilst the SMTP protocol does not carry secure clue authentication, it will be difficult to prevent malicious or incompetent users from injecting clueless messages into otherwise clueful data streams. In the meantime, mailing list users will have to apply ad-hoc mechanisms to reduce the impact of such attacks.

Do not feed the trolls.

-- Alex Bligh (personal capacity)