RE: Spamhaus...

["Tomas L. Byrnes" <tomb () byrneit net>]

> -----Original Message-----
> From: Patrick W. Gilmore [mailto:patrick () ianai net]
> Sent: Sunday, February 21, 2010 11:17 AM
> To: NANOG list
> Subject: Re: Spamhaus...
>
> On Feb 21, 2010, at 1:01 PM, William Herrin wrote:
> > On Sun, Feb 21, 2010 at 9:10 AM, Rich Kulawiec <rsk () gsp org> wrote:
> > > Hint: nothing stops the spammers from pointing the MX records for
> their
> > > throwaway domains at somebody else's mail servers.  Among other
> things.
> > > MANY other things, unfortunately.
>
> > Clearly I shouldn't respond to any packets at all. After all, a bad
> > actor can originate packets with a forged source address and I
> > wouldn't want to abuse your network with unwanted echo-replies,
> > syn-acks and rejs.
>
> Bill:
>
> That is actually somewhat correct.
>
> You should not randomly respond to packets at arbitrary rates.  If you
> do, you are being a bad Netizen for exactly this reason.  See things
> like amplification attacks for why.
>
> Of course, if you can get proper responses, say TCP sequence numbers,
> proving the other side really is talking to you, then that limitation
> is removed.

[Tomas L. Byrnes] Ok, so now we can agree on something: You should have
a POLICY about how you handle packets. Now, while trying very hard to
hold my powder since that is what the ThreatSTOP patent is about, how do
you propose to define, and implement, that policy efficiently across
multiple devices, from multiple vendors, in real time?