From: Matan Peled (chaosite@gmail.com)
Date: Sat Jan 15 2005 - 03:35:19 EST
dmz wrote:
> I see spammers hitting my MTA daily with dictionary RCPT TO queries
> and there isn't much you can really do against it; however I have been
> thinking about a solution using real time blockers.
>
> The idea is to monitor the logfile of the MTA, looking for a host
> getting more than "X" failed destination addresses (I think 2 or 3 is
> a nice entry threshold). Then when they reach the threshold their IP
> gets put into a local DNS server that is used by the MTA as a real
> time blocker.
>
> This wouldn't require more than another RBL addition to the MTA and
> then an external script tied to either bind or djbdns.
>
> thoughts?
> dmz
But wouldn't that be vulnerable to a DoS attack, i.e. spoofing the IP and denying
service to legitimate clients?
--
[Name      ] :: [Matan I. Peled    ]
[Location  ] :: [Israel            ]
[Public Key] :: [0xD6F42CA5        ]
[Keyserver ] :: [keyserver.kjsl.com]
encrypted/signed plain text preferred
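
The scheme discussed in this thread, sketched as an added example that is not code from either poster: it counts distinct unknown recipients per client IP and emits local DNSBL zone records once a host reaches the threshold. The Postfix-style log format, the zone name rbl.local.invalid, the TTL, the 127.0.0.2 answer and the allowlist of relays that must never be listed are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample input in Postfix's smtpd reject format (the MTA is an assumption).
_FMT = ("Jan 15 03:10:{s:02d} mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
        "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown "
        "in local recipient table; from=<x@example.net> to=<{rcpt}> proto=SMTP helo=<pc>")
_TRIES = [("192.0.2.10", "alice"), ("192.0.2.10", "bob"), ("192.0.2.10", "carol"),
          ("203.0.113.7", "jsmiht"), ("203.0.113.7", "jsmiht"),   # one typo, retried
          ("198.51.100.5", "a"), ("198.51.100.5", "b"), ("198.51.100.5", "c")]
SAMPLE_LOG = "\n".join(_FMT.format(s=i, ip=ip, rcpt=u + "@example.org")
                       for i, (ip, u) in enumerate(_TRIES))

REJECT = re.compile(r"reject: RCPT from \S*\[(?P<ip>[0-9.]+)\]: 550 .*? to=<(?P<rcpt>[^>]*)>")

def failed_recipients(log_text):
    """Map each client IP to the set of distinct unknown recipients it tried."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return seen

def dnsbl_records(log_text, threshold=3, zone="rbl.local.invalid",
                  allow=("198.51.100.0/24",)):
    """Zone-file lines for hosts at or over the threshold, skipping allowlisted networks."""
    nets = [ip_network(n) for n in allow]
    records = []
    for ip, rcpts in sorted(failed_recipients(log_text).items()):
        try:
            addr = ip_address(ip)
        except ValueError:          # regex matched something that is not an IPv4 address
            continue
        if len(rcpts) < threshold or any(addr in n for n in nets):
            continue
        # DNSBL convention: octets reversed under the zone, answer in 127.0.0.0/8.
        name = ".".join(reversed(ip.split(".")))
        records.append(f"{name}.{zone}. 300 IN A 127.0.0.2")
    return records

if __name__ == "__main__":
    print("\n".join(dnsbl_records(SAMPLE_LOG)))
```

Counting distinct recipients means a sender retrying one mistyped address stays under the threshold, and the short TTL lets a listing lapse soon after the record is withdrawn.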
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:13 EDT