On Mon, 19 Aug 2013, David F. Skoll wrote:
On Mon, 19 Aug 2013 07:31:33 -0700 (PDT)
John Hardin <jhar...@impsec.org> wrote:
Have you considered TCP Tarpitting instead of just blocking them?
Blocking them doesn't actually *punish* them. Getting their MTAs
*stuck* for hours or days does.
IMO, tarpitting is useless. When you have hundreds, thousands or more
compromised zombie computers at your disposal, you're not even going
to notice tarpitting.
How likely is a repeat offender to be a zombie?
It seems to me that greylisting and TCP tarpitting catch both sides of the
problem. Greylisting blocks junk from the single-attempt zombies, and TCP
tarpitting will catch the ones who are persistent offenders.
Spammers can also use custom software with short timeouts to move on
quickly if they think they're being tarpitted.
We can't solve the problem completely with this, so it's not worth the
effort to *reduce* the problem?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The Constitution is a written instrument. As such its meaning does
not alter. That which it meant when adopted, it means now.
-- U.S. Supreme Court
SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905)
-----------------------------------------------------------------------
5 days until the 1934th anniversary of the destruction of Pompeii
