On Thu, Sep 25, 2003 at 09:43:59AM +0100, Gordan spake thusly:

> Agreed. However, a patch to the MTA would be required to give it a different
> mechanism for look-ups, e.g. one that looks up from a text file. Either that,
> or we would need a DNS proxy that would do that for the MTA, but this would
> probably need to be patched into the DNS server that the MTA is using.

Nah...just export the data in zone file format and let them run a zone on their local nameserver that has the IPs of the open relays and they can check their own local nameserver using existing MTA rbl lookup patches.

> Not if it's done properly. Set it up so that each file is under a separate
> key. Therefore, if a node 1.2.3.4 is an open relay, you would insert a
> file/key called SSK@<public key>/mydnsrbl//1.2.3.4, and put some information
> in it, such as the last time the relay was checked and confirmed for
> openness.

And make the mail server do a freenet request for each IP that connects to it to see if it's on the list? No way. Not even when freenet is really performing well.

> Agreed. But what are the chances of spammers having enough bandwidth to DoS
> the entire Freenet? There are certainly a LOT more zombied machines out there
> than there are Freenet nodes.

eh...Fairly unlikely. Yeah there are a lot of zombie machines but what a hassle for the DoS'er to figure out the IPs of a significant number of freenet machines and divide up their resources to go after it.

> > Ideally we could get one of the existing services to do it.
>
> Then the source node would be traceable and could be attacked. Attacking 1
> node is still a lot easier than attacking the whole network.

They wouldn't have to tell anyone that they are the ones doing it.

> It's not exactly difficult. Set up a script that will scan all IP addresses on
> port 25, and start creating a cache of IP addresses in a database. Run a

Openly scanning netblocks for port 25 is gonna set off alarms all over the place and probably eventually get your net connection turned off.

> some email address you use as a testing drop box. To get better and more
> reliable results, you'd need a list of all registered domains, so you could
> look up their MX. Then try to get through by forging the MAIL FROM and/or
> From: headers to the domain (or even specific known to work email address)
> that the mail server is supposed to handle.

This is the way to go.

> Anyway, this is getting very off topic for a Freenet list.

Indeed.

--
Tracy Reed
http://copilotconsulting.com
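
Added example, not part of the original message or of any project discussed in it: a Python sketch of the "export the data in zone file format" step, producing a zone a local nameserver can serve so the MTA's existing RBL lookup works unchanged. The zone name `relays.example`, the `127.0.0.2` answer, the TXT wording and the sample addresses are assumptions made for illustration.

```python
import ipaddress

LISTED = "127.0.0.2"  # assumed "listed" answer, the value DNSBL zones conventionally return


def reversed_label(ip):
    """Owner label for an IPv4 address: its octets in reverse order."""
    addr = ipaddress.IPv4Address(ip.strip())  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split(".")))


def query_name(ip, zone):
    """Name the MTA's RBL check resolves for a connecting client IP."""
    return f"{reversed_label(ip)}.{zone.rstrip('.')}."


def build_zone(entries, zone, serial, ns="localhost.", ttl=3600):
    """Render {ip: last_confirmed} as zone-file text; return (text, rejected)."""
    origin = zone.rstrip(".") + "."
    lines = [
        f"$TTL {ttl}",
        f"$ORIGIN {origin}",
        f"@ IN SOA {ns} hostmaster.{origin} ({serial} 3600 900 604800 {ttl})",
        f"@ IN NS {ns}",
    ]
    records, rejected = {}, []
    for ip, confirmed in entries.items():
        try:
            label = reversed_label(ip)
        except ValueError:
            rejected.append(ip)  # a malformed entry never reaches the zone
            continue
        # Restrict TXT data to a safe character set so it cannot break the quoting.
        note = "".join(c for c in str(confirmed) if c.isalnum() or c in "-: ")
        records[label] = note
    for label in sorted(records):
        lines.append(f"{label} IN A {LISTED}")
        lines.append(f'{label} IN TXT "open relay, last confirmed {records[label]}"')
    return "\n".join(lines) + "\n", rejected


# Constructed sample data (documentation address ranges, not real relays).
SAMPLE = {"192.0.2.10": "2003-09-20", "198.51.100.7": "2003-09-24", "not-an-ip": "2003-09-24"}

if __name__ == "__main__":
    text, bad = build_zone(SAMPLE, "relays.example", serial=2003092501)
    print(text)
    print("rejected:", bad)
```

The MTA then resolves `query_name(client_ip, zone)` against the local nameserver; an A answer means the client is listed, NXDOMAIN means it is not.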
_______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
