nanog mailing list archives

Re: IPv6 isn't SMTP


From: Blake Hudson <blake () ispn net>
Date: Thu, 27 Mar 2014 14:36:14 -0500


Barry Shein wrote the following on 3/26/2014 11:24 PM:

Some will blanche at this but the entire spam problem basically arose
from the crap security in Windows systems, particularly prior to maybe
XP/SP2.

Not sure where all that leads us, however. Better security at those
major exploitation points, in a nutshell.

And if someone disagrees then please tell me how spammers as we know
them (and related miscreants) can operate without these few sources of
purloined resources.

Preferably without a big hand-wave like "oh they'll just find
something else!"

Maybe not!


You're largely right. Botnets are a big source of spam. As a mail server operator, they're the biggest source that I see. They're also easy to block through a number of means (The ISPs they're located on often block port 25, PBL (or similar), rDNS, and other behavior). It sounds like it will likely be a similar matter of blocking residential botnet participants on IPv6 due to the fact that residential ISPs will likely apply similar port 25 policy to IPv6 as they do to IPv4 and no rDNS.

However, as more attention is being paid to securing these end stations, spammers are looking at alternative avenues. In recent years, they've been harvesting user credentials through various means and then exploiting these compromised accounts to send email through otherwise legitimate servers. These are the spam messages that are hard to block. And these may be the areas where reputation-based services will not be able to keep up in an IPv6 landscape. At least this concentrates the sources of spam (from my server's vantage point) and reduces the attack surface so that the problem is likely addressed more quickly and by someone with a higher level of knowledge than the average (unknowing) botnet participant.

Unfortunately, I can't keep Suzie teenager or Joe grandpa from giving his or her password out to a phisher. Fortunately, I can place reasonable limits on their accounts and the number of messages they're allowed to send or the rate at which they're allowed to send messages. If everyone else would just do the same we'd be a lot better off against this kind of attack.

--Blake
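The per-account sending limits Blake describes as his mitigation, as an added example that is not code from the thread: a sliding-window limiter keyed on the authenticated account rather than the client IP, replayed over constructed submission log lines so that a phished account's burst is rejected while a normal user's mail passes. The limit values, account names and log format are assumptions made for the example.

```python
from collections import defaultdict, deque

# Illustrative limits (assumptions for this example, not values from the thread).
BURST_WINDOW = 60          # seconds
BURST_MAX = 20             # messages per account per window
DAILY_MAX_RCPTS = 500      # recipients per account per rolling 24 h
DAY = 86400


class AccountRateLimiter:
    """Sliding-window limits keyed on the authenticated account, not the IP."""

    def __init__(self, burst_max=BURST_MAX, daily_max=DAILY_MAX_RCPTS):
        self.burst_max = burst_max
        self.daily_max = daily_max
        self._burst = defaultdict(deque)   # account -> submission timestamps
        self._daily = defaultdict(deque)   # account -> (timestamp, recipients)

    def check(self, account, ts, recipients):
        """Decide one submission before it is accepted; returns (allowed, reason)."""
        burst, daily = self._burst[account], self._daily[account]
        while burst and ts - burst[0] >= BURST_WINDOW:   # expire old burst entries
            burst.popleft()
        while daily and ts - daily[0][0] >= DAY:          # expire old daily entries
            daily.popleft()
        if len(burst) >= self.burst_max:
            return False, "burst-limit"
        if sum(n for _, n in daily) + recipients > self.daily_max:
            return False, "daily-recipient-limit"
        burst.append(ts)
        daily.append((ts, recipients))
        return True, "accepted"


def replay(log_lines):
    """Run log lines of the form 'ts account rcpts' through the limiter; return rejections per account."""
    limiter = AccountRateLimiter()
    rejected = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        ts, account, rcpts = line.split()
        ok, reason = limiter.check(account, int(ts), int(rcpts))
        if not ok:
            rejected[account][reason] += 1
    return {a: dict(r) for a, r in rejected.items()}


# Constructed sample: 'joe' sends a few mails over the day; 'suzie' (phished)
# blasts 40 five-recipient messages in 40 seconds, then one 600-recipient message.
SAMPLE_LOG = [f"{i * 3600} joe 1" for i in range(3)]
SAMPLE_LOG += [f"{i} suzie 5" for i in range(40)]
SAMPLE_LOG += ["7200 suzie 600"]
```

Running `replay(SAMPLE_LOG)` reports only suzie: 20 submissions over the burst limit and the large message over the daily recipient cap, while joe's traffic is untouched.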

