North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: karl and paul, expostulating

  • From: Paul A Vixie
  • Date: Wed Feb 19 23:02:34 1997

> Filtering by connection to the SMTP port, based on source address, very
> definitely DOES work.

Filtering packets based on source address makes Ciscos go way slow on 
every packet.  Filtering based on destination address makes Ciscos go
very fast on most packets and a little slower on SYN-ACKs.

> > Removing people from the cooperative portion of the Internet works fine.
> Overbroad and unnecessary.

Sez you.  I'd ordinarily expect you to love the idea of "if you don't play
by my rules I will start my own Internet without you on it."

> And again, unnecessary and overbroad.  Filtering at the SMTP receiver port
> is perfectly fine, it works, and it doesn't prevent other traffic.

And, again, wrong.  I want spammers to spend 75 seconds of TCP PCB time on me.
By blackholing SYN-ACKs and not sending them ICMPs, they lose capacity that
they could otherwise spend spamming other people. I call this "fighting dirty."

> Wholesale filtering sets an ugly precedent.  If someone was sending SYN
> packets with random port numbers it would be one thing (and the only
> effective thing that could be done) but in this particular case it is
> neither necessary NOR, in my opinion, appropriate for a network which
> operates a *PUBLIC* resource.

I operate a cooperative resource.  I will not have it used against me.
This is not negotiable.  I pay for my part of the Internet and anyone
who wants their traffic to traverse it has to make sure that I derive
similar value, in the aggregate, to theirs when they send me traffic.

If I buy something on a web site, buyer and seller both profit and I'm
fine with that.  But spamming uses my links, routers, disk drives and
real human time -- 100% of the benefit accrues to the spammer, 0% to me.

> You speak of cooperative models on one hand, yet don't support those on 
> the other (e.g. eDNS).  The truth is evident when you start erecting
> full-blown packet filters, which are unnecessary, as a response to a
> personal affront.

Actually it's not personal, it's economic.  eDNS is piracy.  Very different.

> It took me 30 seconds to add Earthlink's POPs to my SPAM-blocker SMTP port
> reject list this morning.  That has a near-zero impact on legitimate email 
> delivery, but it stops cold any attempt to relay spam through our 
> mailservers.

Yes, but now that I've got the eBGP feed working I'm starting to do real time
spam reporting/detection that will cause third party unintended relays to be
disabled while a spammer is still trying to use them.  Not everyone wants to
spend that 30 seconds, and if we don't make spamming even less profitable
than it is now, you'll be spending that 30 seconds 15 times per hour, 24x7.

> That's a point-source response to the problem Paul.  Try it on sometime.

I prefer as far as that goes.  But the
problem isn't limited to a point, there are a LOT of people who want the
same protection I work so hard to give myself, and I am donating that
protection to anyone who wants it.
- - - - - - - - - - - - - - - - -