nanog mailing list archives

Re: DDoS Question

From: Ken Simpson <ksimpson () mailchannels com>
Date: Thu, 27 Sep 2007 16:49:47 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

They randomize the name on the subject line. Is this any particular
virus/malware/zombie signature and any suggestion on how to defend
against it besides what I'm already doing (which is all of the
obvious, rbls, spam appliances, hot cocoa, etc.)?

This happened right around the time I started securing the name server
infrastructure with BIND upgrades and recursor/authoritative NS
splitting. :-)


RBLs are only effective against perhaps 50% of spam traffic, because
so much of it comes from never-seen-before zombies. What appliances
are you running? You might want to look at some kind of edge email
traffic shaping layer.

Regards,
Ken

- -- 
Ken Simpson
CEO, MailChannels

Fax: +1 604 677 6320
Web: http://mailchannels.com
MailChannels - Reliable Email Delivery (tm)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG/EGb2YHPr/ypq5QRAuKNAKCYqf7uVoJmSAdKSSFH1NOTsLsZ6gCgk1Id
7+dI9UOemZtgqAI5pM+LwY4=
=V0fG
-----END PGP SIGNATURE-----

Current thread:

DDoS Question Martin Hannigan (Sep 27)
- Re: DDoS Question Ken Simpson (Sep 27)
  - Re: DDoS Question Roland Dobbins (Sep 27)
  - Re: DDoS Question Tony Finch (Sep 28)
    - Re: DDoS Question Ken Simpson (Sep 28)
- RE: DDoS Question Raymond L. Corbin (Sep 27)
  - Re: DDoS Question Martin Hannigan (Sep 27)
  - Re: DDoS Question Matthew Sullivan (Sep 29)
- Re: DDoS Question Sean Donelan (Sep 27)
- <Possible follow-ups>
- Re: DDoS Question Paul Ferguson (Sep 27)
  - Re: DDoS Question Hex Star (Sep 27)
- Re: DDoS Question Paul Ferguson (Sep 27)

(Thread continues...)