On Thu, 2004-12-02 at 11:53, Joe Emenaker wrote:
> Christopher X. Candreva wrote:
>
> >On Wed, 1 Dec 2004, Robert LeBlanc wrote:
> >
> >This actually sounds like it would be a good public DNSBL. Rather than have
> >everyone fingerprint, the central DNSBL would perform fingerprinting of IPs
> >that are requested and not in the cache, then cache the results.
> >
> >Otherwise, everyone running the fingerprints could add up to a good amount
> >of traffic.
>
> ... especially on spammers' connections. :)

Unfortunately p0f is passive so no DDoS on the spammers. :( :)

> The only problem with having a central fingerprint server would be DoS
> attacks by the spammers.

Distributed DNS is well understood. Might be spendy, tho...

A DNSRBL of Windows desktop OS (W98, WME, W2kPro, WXPPro) SMTP sources
with a fairly short expiry might be useful. Have the trusted spamtraps
run p0f and collect the data, and update the distributed DNS in
realtime.

--
John Hardin
Internal Systems Administrator (Seattle)
CRS Retail Systems, Inc.
3400 188th Street SW, Suite 185
Lynnwood, WA 98037
voice: (425) 672-1304
fax: (425) 672-0192
email: [EMAIL PROTECTED]
web: http://www.crsretail.com
-----------------------------------------------------------------------
If you smash a computer to bits with a mallet, that appears to count
as encryption in the state of Nevada.
 - CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------
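
The short-expiry list proposed in the message above, as an added example that is not part of the original thread or of any project's code: spamtrap observations feed an in-memory list, and lookups use the usual DNSBL reversed-octet query name. The zone name, the one-hour expiry, the `127.0.0.2` answer and the step that turns p0f output into the OS labels are assumptions.

```python
import ipaddress

WINDOWS_DESKTOP = {"W98", "WME", "W2kPro", "WXPPro"}  # OS labels named in the message
ZONE = "windesk.dnsbl.example"   # hypothetical zone name
LISTING_TTL = 3600               # assumed "fairly short expiry", in seconds


def query_name(ip, zone=ZONE):
    """DNSBL convention: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class DesktopSourceList:
    """Spamtrap-fed list of SMTP sources fingerprinted as Windows desktops."""

    def __init__(self, ttl=LISTING_TTL):
        self.ttl = ttl
        self._expires = {}  # IPv4Address -> absolute expiry time

    def observe(self, ip, os_label, now):
        """Record one observation; os_label is assumed already derived from p0f."""
        addr = ipaddress.IPv4Address(ip)
        if os_label in WINDOWS_DESKTOP:
            self._expires[addr] = now + self.ttl   # list, or refresh the expiry
        else:
            self._expires.pop(addr, None)          # latest fingerprint wins

    def lookup(self, qname, now):
        """Return (A record, remaining TTL) if listed, else None (NXDOMAIN)."""
        suffix = "." + ZONE
        if not qname.endswith(suffix):
            return None
        labels = qname[: -len(suffix)].split(".")
        try:
            if len(labels) != 4:
                raise ValueError("not a reversed IPv4 address")
            addr = ipaddress.IPv4Address(".".join(reversed(labels)))
        except ValueError:
            return None
        expiry = self._expires.get(addr)
        if expiry is None or expiry <= now:
            self._expires.pop(addr, None)          # drop stale entries lazily
            return None
        # Cap the answer's TTL at the remaining lifetime so that resolvers
        # do not cache a listing past its expiry.
        return ("127.0.0.2", int(expiry - now))
```

Returning the remaining lifetime as the record TTL is what keeps the short expiry meaningful once answers are cached by distributed resolvers.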