RE: Security of DNSBL spam block systems
At 2:29 AM -0400 2002/07/23, Phil Rosenthal wrote:
> IMHO Even the really large DNSBL's are barely used -- I think (much) less than 5% of total human mail recipients are behind a mailserver that uses one...

Not true. There are plenty of large sites that use them (e.g., AOL), and many sites use them to help ensure that they themselves don't get added to the black lists.

IMO, there is a serious risk of having DNSBL servers attacked and used as a DoS. The easiest way would be to check to see if the servers being used are open public caching recursive servers, in addition to their authoritative services. If so, then they would be open to cache poisoning attacks.

That said, I think the bigger black list services are run by people who have at least half a clue as to how a nameserver should be operated, and therefore they should be relatively secure. However, they would still be at risk if one of their parent zones is served by a nameserver that mixes both authoritative service & caching/recursive service, and therefore would be easily subject to cache poisoning.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

On Tue, 23 Jul 2002, Brad Knowles wrote:
> IMO, there is a serious risk of having DNSBL servers attacked and used as a DoS.

A slightly different sort of DOS from what you mean would be what we got a few days ago. I got a call from our Noc about problems with our old (but still online) incoming mail servers. They were taking about a minute to put up their SMTP banner when you connected to them. Turned out the problem was that we were using bl.spamcop.net which was being DOSed at the time (according to most reports, some said they had upstream link problems). The live servers are using spamassassin which has decent timeouts so they were not affected. We try and slave as many RBLs as possible locally to avoid these sort of problems.

--
Simon Lyall.                |  Newsmaster  | Work: simon.lyall@ihug.co.nz
Senior Network/System Admin |  Postmaster  | Home: simon@darkmere.gen.nz
ihug, Auckland, NZ          | Asst Doorman | Web: http://www.darkmere.gen.nz

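The failure mode described in the message above (a slow blacklist stalling the SMTP banner) can be contained with a hard deadline on each lookup. The following is an added example, not part of the original thread: the zone `bl.example.test`, the function names and the stub resolver are constructed for illustration.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

# Shared worker pool: a hung lookup occupies a worker, never the SMTP handler.
_POOL = ThreadPoolExecutor(max_workers=8)


def dnsbl_name(ip, zone):
    """Build the IPv4 DNSBL query name: reversed octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_dnsbl(ip, zone, timeout=2.0, resolve=socket.gethostbyname):
    """Return 'listed', 'clean' or 'unknown'.

    'unknown' means the list did not give a usable answer in time; the
    caller should fail open (accept and score later) instead of waiting.
    """
    future = _POOL.submit(resolve, dnsbl_name(ip, zone))
    try:
        answer = future.result(timeout=timeout)
    except FutureTimeout:
        # Deadline hit. The abandoned lookup finishes in the background.
        return "unknown"
    except socket.gaierror as exc:
        # Name does not exist: the address is not on the list.
        # Any other resolver error (e.g. temporary failure) is not a verdict.
        return "clean" if exc.errno == socket.EAI_NONAME else "unknown"
    except OSError:
        return "unknown"
    # Listed entries are conventionally answered from 127.0.0.0/8; anything
    # else (for example a wildcarded or hijacked zone) is not trusted.
    return "listed" if answer.startswith("127.") else "unknown"


if __name__ == "__main__":
    import time

    # Constructed stub that hangs the way an overloaded list would.
    def slow(name):
        time.sleep(1)
        return "127.0.0.2"

    print(check_dnsbl("192.0.2.99", "bl.example.test", timeout=0.1, resolve=slow))
```

The pool size bounds how many stalled lookups can pile up; once all workers are stuck, further lookups queue and also time out as `unknown`.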
On Tue, Jul 23, 2002 at 10:20:58PM +0200, Brad Knowles wrote:
> At 2:29 AM -0400 2002/07/23, Phil Rosenthal wrote:
>> IMHO Even the really large DNSBL's are barely used -- I think (much) less than 5% of total human mail recipients are behind a mailserver that uses one...

> Not true. There are plenty of large sites that use them (e.g., AOL), and many sites use them to help ensure that they themselves don't get added to the black lists.

Is true.. those "large sites" still account for an infinitely small percentage of the net.

> IMO, there is a serious risk of having DNSBL servers attacked and used as a DoS.

Yes, there is a risk but the exposure is negligible if it does occur.

I'm all for anti-spam measures but unless they're universally adopted and the world governments start putting spammers out of business, these anti-spam blacklists are more of an annoyance operated by a radical fringe of the net. I get 500-600 pieces of spam a day, and there is nothing I can do about it.

This topic has also been discussed to death before, the potential for a DoS attack is patently obvious to everyone.

[snipped]

(I also trimmed the Cc list)

participants (3)
- Brad Knowles
- Len Rose
- Simon Lyall