I think the idea here is to perform filtering on a gateway machine to avoid hitting the main mail servers as heavily. Filtering probably won't catch all of it, but hopefully it would reduce the load significantly. Obviously the gateway still has to handle the full load, but it should probably be a stripped down machine, or machines,...and then customers do not see degraded performance on the main mail server as a result.
Of course if the main issue is the flooding of your connection point to the backbone provider, then this won't make a difference... but I would expect that to be a much bigger problem with UDP traffic instead of TCP, especially mail. Not to say it won't happen someday though. The problem large providers have is that for every customer that wants something blocked, someone else wants it left open, but you have a good point about getting them to block it just for your segment....guess it's just not a service they're prepared to offer yet. Darin. ----- Original Message ----- From: "Mark" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 09, 2004 4:28 PM Subject: Re: [IMail Forum] Are we vulnerable Unfortunately the attacks will be successful no matter what we do to prevent it. As I have found out in the past when monitoring attacks against our ISP business the mere fact that large volumes of packets are coming down the pipe to our routers and servers clogs the pipe so that legitimate traffic cannot make it through. We put in a gateway to prevent bad traffic from hitting our email servers and we configure our routers to stop other types of attacks from getting to our gateways. All that traffic ends up in the bottleneck... the routers. I have had endless discussions with our backbone providers about their being more proactive in protecting our piddling bandwidth by filtering out the simple obvious attacks. Case in point is the blaster worm. Had Sprint, MCI, etc just blocked those ports on their end we wouldn't have had as big a problem as it eventually became. Currently the backbone providers (with the bandwidth available) refuse to do anything to help those of us with smaller bandwidth. I continue to fight them on these issues and have been considering some form of legal action but it's a tough row to hoe. At 02:13 PM 4/9/2004, you wrote: >Gotcha... in this case, original headers aren't liable to be useful...but >perhaps there will be enough info in the partial original message for a text >filter. > >Darin. > > >----- Original Message ----- >From: "Len Conrad" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Friday, April 09, 2004 2:59 PM >Subject: Re: [IMail Forum] Are we vulnerable > > > > >My point is that the bogus bounces and legitimate bounces will look the > >same, considering clipped content and subject replacement by most mail > >servers. > >Serious MTAs will include the original messages headers and some KB of the >bounce msg. > >My point is that you can often find enough info in the bounce msg to define >a filter. > >Len > > >_____________________________________________________________________ >http://MenAndMice.com/DNS-training : Atlanta; SFO; Denver; NYC >http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ >--- >[This E-mail scanned for viruses courtesy of Netslyder, >Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
