Duplicate Posts - Burst Posts...

From: der Mouse <mouse_at_Rodents.Montreal.QC.CA>
Date: Thu Jun 17 20:25:03 2004

> If I were running an ISP I might be hesitant to implement some of the
> measures, simply due to support issues alone.

Perhaps. It might help to spin it as something other than an anti-spam
measure....

>> A good example is sleep-before-banner. [...]
> That, however, is a good idea. Might do that myself.

Another suggestion which is remarkably effective in my experience is to
do an identd lookup, not for the usual reasons but rather because quite
a number of the zombie-army machines are running toy identds to satisfy
things like IRC servers, and they exhibit certain protocol errors. The
one that's most effective as an anti-spam measure is probably to demand
that the port numbers in the response match those in the query.
(Another common error is to claim a UNIX userid containing characters
that UNIX userids don't contain, but even now, over a decade after 1314
obsoleted 931, I still see a lot of otherwise legitimate hosts running
931-format daemons, claiming UNIX usernames that, from a 1314
perspective, contain whitespace.)

/~\ The ASCII der Mouse
\ / Ribbon Campaign
 X Against HTML mouse_at_rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Received on Thu Jun 17 2004 - 20:25:03 BST