North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
- From: Martin Hannigan
- Date: Fri Aug 16 16:36:59 2002
I'm not sure why this is such a worry since a lot of these
responders have been working for over a decade, and they've
all been just fine operating the way they are.
On Fri, 16 Aug 2002, Brad Knowles wrote:
> At 9:43 PM +0200 2002/08/16, Karsten W. Rohrbach wrote:
> > Brad Knowles(email@example.com)@2002.08.16 19:48:10 +0000:
> >> What kinds of anti-abuse protection methods have people used for
> >> "echo" accounts that they have set up?
> > - scoreboard: one mail from one source addres in one minute time window
> Yeah, but then abusers could easily generate elephantine
> quantities of messages, simply by randomly generating return
> addresses (if they wanted to DoS you or your network), or by randomly
> generating the user portion of return addresses (if they wanted to
> abuse you to DoS someone else). If they know that there are multiple
> domains handled by the same servers, they could randomly generate
> addresses within that set of domains.
> > - gnupg: mail needs to be signed to fire a return mail. key of the
> > signer must belong to the robot's gpg trust web.
> Ooh, so in order to use the echo server, they have to send a PGP
> signed message? Wow, that's pretty expensive. That sounds like a
> really excellent way to DoS your server.
> Thanks for sharing!
> Brad Knowles, <firstname.lastname@example.org>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> -Benjamin Franklin, Historical Review of Pennsylvania.
> GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
> O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
> tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)