-----Original Message----- From: Patrick W. Gilmore [mailto:patrick@ianai.net] Sent: Sunday, February 21, 2010 11:17 AM To: NANOG list Subject: Re: Spamhaus...
On Sun, Feb 21, 2010 at 9:10 AM, Rich Kulawiec <rsk@gsp.org> wrote:
Hint: nothing stops the spammers from pointing the MX records for
throwaway domains at somebody else's mail servers. Among other
On Feb 21, 2010, at 1:01 PM, William Herrin wrote: their things.
MANY other things, unfortunately.
Clearly I shouldn't respond to any packets at all. After all, a bad actor can originate packets with a forged source address and I wouldn't want to abuse your network with unwanted echo-replies, syn-acks and rejs.
Bill:
That is actually somewhat correct.
You should not randomly respond to packets at arbitrary rates. If you do, you are being a bad Netizen for exactly this reason. See things like amplification attacks for why.
Of course, if you can get proper responses, say TCP sequence numbers, proving the other side really is talking to you, then that limitation is removed.
[Tomas L. Byrnes] Ok, so now we can agree on something: You should have a POLICY about how you handle packets. Now, while trying very hard to hold my powder since that is what the ThreatSTOP patent is about, how do you propose to define, and implement, that policy efficiently across multiple devices, from multiple vendors, in real time?