RE: Interesting new spam technique - getting a lot more popular.
Since this technique requires a IPinIP or GRE tunnel, wouldn't blocking these two protocols to/from the hosts be sufficient? Assuming of course the customer's host isn't using that normally. Chuck Netco Government Services has recently acquired Multimax and is changing its name to Multimax Inc. Visit http://www.multimax.com for more information.
On Jun 14, 2006, at 1:53 PM, Church, Chuck wrote:
Since this technique requires a IPinIP or GRE tunnel, wouldn't blocking these two protocols to/from the hosts be sufficient? Assuming of course the customer's host isn't using that normally.
Unfortunately, that probably won't work for very long, if at all. First, it's kinda difficult to guarantee your customers will not use a protocol. Second, unless you have deep packet inspection, what is to stop the spammer from using, say, port 80 for their tunnel? Third, what's to stop them from using SSH tunnels? Etc., etc., etc.... -- TTFN, patrick
On Wed, 14 Jun 2006, Church, Chuck wrote:
Since this technique requires a IPinIP or GRE tunnel, wouldn't blocking these two protocols to/from the hosts be sufficient? Assuming of course the customer's host isn't using that normally.
sure, but those are probably just convenience things, what happens when they setup an ssl tunnel? or http tunnel or ping tunnel?
participants (3)
-
Christopher L. Morrow
-
Church, Chuck
-
Patrick W. Gilmore