Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Echo

  • From: Brad Knowles
  • Date: Fri Aug 16 16:35:14 2002

At 9:43 PM +0200 2002/08/16, Karsten W. Rohrbach wrote:

 Brad Knowles( 19:48:10 +0000:
 	What kinds of anti-abuse protection methods have people used for
 "echo" accounts that they have set up?
 - scoreboard: one mail from one source addres in one minute time window
Yeah, but then abusers could easily generate elephantine quantities of messages, simply by randomly generating return addresses (if they wanted to DoS you or your network), or by randomly generating the user portion of return addresses (if they wanted to abuse you to DoS someone else). If they know that there are multiple domains handled by the same servers, they could randomly generate addresses within that set of domains.

 - gnupg: mail needs to be signed to fire a return mail. key of the
   signer must belong to the robot's gpg trust web.
Ooh, so in order to use the echo server, they have to send a PGP signed message? Wow, that's pretty expensive. That sounds like a really excellent way to DoS your server.

Thanks for sharing!

Brad Knowles, <>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.