On Thursday 25 September 2003 10:01, Tracy R Reed wrote:
> On Thu, Sep 25, 2003 at 09:43:59AM +0100, Gordan spake thusly:
> > Agreed. However, a patch to the MTA would be required to give it a
> > different mechanism for look-ups, e.g. one that looks up from a text
> > file. Either that, or we would need a DNS proxy that would do that for
> > the MTA, but this would probably need to be patched into the DNS server
> > that the MTA is using.
>
> Nah...just export the data in zone file format and let them run a zone on
> their local nameserver that has the ip's of the open relays and they can
> check their own local nameserver and using existing MTA rbl lookup
> patches.

Not exactly _REALTIME_ black hole, then. ;-)

> > Not if it's done properly. Set it up so that each file is under a
> > separate key. Therefore, if a node 1.2.3.4 is an open relay, you would
> > insert a file/key called SSK@<public key>/mydnsrbl//1.2.3.4, and put some
> > information in it, such as the last time the relay was checked and
> > confirmed for openness.
>
> And make the mail server do a freenet request for each IP that connects to
> it to see if it's on the list? No way. Not even when freenet is really
> performing well.

Indeed, that would probably be rather heavy.

> > Agreed. But what are the chances of spammers having enough bandwidth to
> > DoS the entire Freenet? There are certainly a LOT more zombied machines
> > out there than there are Freenet nodes.
>
> eh...Fairly unlikely. Yeah there are a lot of zombie machines but what a
> hassle for the DoS'er to figure out the IP's of a significant number of
> freenet machines and divide up their resources to go after it.

Really simple. Download seednodes.ref, and go after the machines listed in 
there. If most (if not all) of the routing table is inaccessible, then that 
is probably effective enough to make the system unworkable.

> > > Ideally we could get one of the existing services to do it.
> >
> > Then the source node would be traceable and could be attacked. Attacking
> > 1 node is still a lot easier than attacking the whole network.
>
> They wouldn't have to tell anyone that they are the ones doing it.

That is true.

> > It's not exactly difficult. Set up a script that will scan all IP
> > addresses on port 25, and start creating a cache of IP addresses in a
> > database. Run a
>
> Openly scanning netblocks for port 25 is gonna set off alarms all over the
> place and probably eventually get your net connection turned off.

I sincerely doubt that. A SYN/ACK exchange on port 25 across entire IP space 
(all 32 bits of it) is probably doable in a few days over a reasonably decent 
internet connection. Also remember that (in theory) a vast majority of 
machines will not even respond, or not have the port open. This is doable 
even with very, very limited resources. How do you think spammers find open 
relays? I get scanned all the time. And besides, a single-attempt scan on an 
IP address is not going to trigger too much in terms of countermeasures. You 
only need to do it once. If the next time you scan is 1 week away, the 
chances are that the logs will have rolled over by then anyway.

Gordan
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
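The "export the data in zone file format" idea from the exchange above, worked through as an added example (this is not code from the thread, from Freenet, or from any existing DNSBL). It renders a list of open-relay IPs, each with the "last time the relay was checked" timestamp Gordan mentions, as a BIND-style DNSBL zone keyed by reversed octets, then performs the lookup an MTA's RBL patch would do against it. The zone name `mydnsrbl.example`, the relay IPs and timestamps are all constructed; the lookup runs offline against the parsed zone text rather than a real nameserver. The RFC 5782 test entries (127.0.0.2 listed, 127.0.0.1 never listed) are included so the zone can be sanity-checked the way real DNSBLs are.

```python
"""
Added example: open-relay list -> DNSBL zone file -> reversed-octet lookup.

Everything here is constructed for illustration: the zone name, the
relay addresses, the timestamps, and the serial. Lookups are resolved
from the parsed zone text, not from a running nameserver.
"""
import ipaddress
import re
from datetime import datetime, timezone

ZONE = "mydnsrbl.example"   # hypothetical zone name
LISTED = "127.0.0.2"        # conventional "listed" A answer (RFC 5782)

# Constructed sample data: open relay IP -> last time it was confirmed open.
OPEN_RELAYS = {
    "1.2.3.4": datetime(2003, 9, 24, 22, 15, tzinfo=timezone.utc),
    "198.51.100.77": datetime(2003, 9, 25, 3, 40, tzinfo=timezone.utc),
}


def reversed_octets(ip: str) -> str:
    """DNSBLs key entries by the IPv4 address with its octets reversed."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on garbage input
    return ".".join(reversed(str(addr).split(".")))


def build_zone(relays: dict, serial: int) -> str:
    """Render a BIND-style zone file for the DNSBL (short TTL: it is meant to be re-exported often)."""
    lines = [
        "$TTL 300",
        f"$ORIGIN {ZONE}.",
        f"@ IN SOA ns.{ZONE}. hostmaster.{ZONE}. {serial} 3600 900 604800 300",
        f"@ IN NS ns.{ZONE}.",
        "ns IN A 192.0.2.53",
        # RFC 5782 test entries: 2.0.0.127 must be listed, 1.0.0.127 must not.
        f"2.0.0.127 IN A {LISTED}",
        '2.0.0.127 IN TXT "test entry"',
    ]
    ordered = sorted(relays.items(), key=lambda kv: ipaddress.IPv4Address(kv[0]))
    for ip, checked in ordered:
        label = reversed_octets(ip)
        lines.append(f"{label} IN A {LISTED}")
        lines.append(f'{label} IN TXT "open relay, last confirmed {checked.isoformat()}"')
    return "\n".join(lines) + "\n"


# Only the record shapes we generate; $-directives and apex records are skipped.
_RR = re.compile(r"^(\S+)\s+IN\s+(A|TXT)\s+(.+)$")


def parse_zone(text: str) -> dict:
    """Minimal parser for the zone produced above: label -> {rtype: value}."""
    records = {}
    for line in text.splitlines():
        if not line or line.startswith("$") or line.startswith("@"):
            continue
        m = _RR.match(line)
        if not m:
            continue
        label, rtype, value = m.groups()
        records.setdefault(label, {})[rtype] = value.strip('"')
    return records


def lookup(records: dict, client_ip: str):
    """What the MTA does per connection: query <reversed ip>.<zone>.

    Returns the TXT reason if the address is listed, else None.
    """
    label = reversed_octets(client_ip)
    rr = records.get(label)
    if rr is None or rr.get("A") != LISTED:
        return None
    return rr.get("TXT", "")


if __name__ == "__main__":
    zone_text = build_zone(OPEN_RELAYS, serial=2003092501)
    print(zone_text)
    table = parse_zone(zone_text)
    for ip in ("1.2.3.4", "127.0.0.2", "127.0.0.1", "8.8.8.8"):
        print(f"{ip} -> {lookup(table, ip)}")
```

In a real deployment the generated text would be loaded as an authoritative zone on the local resolver and the MTA pointed at `mydnsrbl.example`; the short TTL and serial bump are what keep a periodically re-exported zone from being stale for longer than the export interval, which is the "not exactly realtime" trade-off noted above.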
