[c-nsp] [ot] SMTP
Alexander Clouter
alex at digriz.org.uk
Mon Mar 15 14:45:49 EDT 2010
Alexander Clouter <alex at digriz.org.uk> wrote:
>
>> Sending 90,000 DNS queries to all the different RBLs on a daily basis
>> is an easy way to get your network banned.
>>
> Doing that is obviously stupid, however I did not tell you to launch a
> DoS on an RBL :)
>
> [snipped]
>
Scrub that, this is far too much effort.
Layer-4 route-map into your own UNIX box running some kind of
Net::Pcap perl script that munches egress initial SMTP chit-chat.
As soon as you get to DATA, stop looking at that TCP stream. If you see
a REJECT then record it somewhere and use it to catch the problems as
they happen.
The result, you do not need to subscribe, munch or pay attention to
*any* RBL services. The hard work/expense has already been done by the
SMTP server that is rejecting your userbase.
Cheers
--
Alexander Clouter
.sigmonster says: He who laughs last didn't get the joke.
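
The approach described in the message above, as an added example that is not part of the original post: it is written in Python rather than the Net::Pcap Perl script the post mentions, and assumes capture and TCP reassembly already deliver `(stream id, direction, line)` tuples. Counting any 4xx/5xx reply as the "REJECT" and also dropping a stream once STARTTLS is accepted are assumptions of this example; all names and sample lines are constructed.

```python
import re
from collections import defaultdict, deque

# Reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
REPLY_RE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")

def find_rejects(events):
    """events: (stream id, 'c2s' or 's2c', raw line) in capture order."""
    done, rejects = set(), []          # streams we stopped watching; findings
    pending = defaultdict(lambda: deque([b"<banner>"]))  # commands awaiting a reply
    partial = defaultdict(list)        # text of a multi-line reply in progress
    for stream, direction, line in events:
        if stream in done:
            continue
        line = line.rstrip(b"\r\n")
        if direction == "c2s":         # our client; a queue copes with pipelining
            pending[stream].append(line)
            continue
        m = REPLY_RE.match(line)
        if not m:
            continue
        code, sep, text = int(m.group(1)), m.group(2), m.group(3) or b""
        partial[stream].append(text.decode("latin-1"))
        if sep == b"-":
            continue                   # wait for the final line of this reply
        cmd = pending[stream].popleft() if pending[stream] else b"<unknown>"
        full = " ".join(partial.pop(stream))
        if code >= 400:                # assumption: 4xx and 5xx both count as a reject
            rejects.append((stream, code, cmd.decode("latin-1"), full))
        verb = cmd.split(b" ")[0].upper()
        if verb == b"DATA" or (verb == b"STARTTLS" and code == 220):
            done.add(stream)           # body or ciphertext follows: stop looking
    return rejects

SAMPLE = [  # constructed dialogue lines, not captured traffic
    ("s1", "s2c", b"220 mx.example ESMTP\r\n"), ("s1", "c2s", b"EHLO c.example\r\n"),
    ("s1", "s2c", b"250-mx.example\r\n"), ("s1", "s2c", b"250 PIPELINING\r\n"),
    ("s1", "c2s", b"MAIL FROM:<u@c.example>\r\n"),  # MAIL and RCPT sent pipelined
    ("s1", "c2s", b"RCPT TO:<v@mx.example>\r\n"),
    ("s1", "s2c", b"250 2.1.0 ok\r\n"),
    ("s1", "s2c", b"550-5.7.1 sending host is listed\r\n"),
    ("s1", "s2c", b"550 5.7.1 contact postmaster\r\n"),
    ("s2", "s2c", b"220 mx2.example ESMTP\r\n"), ("s2", "c2s", b"HELO c.example\r\n"),
    ("s2", "s2c", b"250 ok\r\n"), ("s2", "c2s", b"MAIL FROM:<u@c.example>\r\n"),
    ("s2", "s2c", b"250 ok\r\n"), ("s2", "c2s", b"RCPT TO:<w@mx2.example>\r\n"),
    ("s2", "s2c", b"250 ok\r\n"), ("s2", "c2s", b"DATA\r\n"),
    ("s2", "s2c", b"354 go ahead\r\n"), ("s2", "c2s", b"body\r\n"), ("s2", "c2s", b".\r\n"),
    ("s2", "s2c", b"550 5.7.1 content rejected\r\n"),  # after DATA: not inspected
]
```

Because the stream is dropped at DATA, rejections the remote server issues after the message body (content filtering) are not recorded.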