Steve Lamb wrote:

John Summerfield wrote:


I've not yet explored how to do it, but I quite like the idea of
blocking connexions from anyone trying my spambait addresses below (yes,
they are turning up in my logs).



For a while I thought about blocking connections from dictionary spammers and spammers that constantly hit my box. But then I decided to go a different route. My machine processes maybe 500 legitimate messages a day. The chances of my inbound connections (set to 10) all being hit at the same time are pretty darn remote. Even so they won't be tied up for all that long. So instead I just had my machine consider, carefully, any reject message it gives on certain behaviors. Send to a bad address at my machine, it'll check for the address and let you know what it finds in 20s. After 20 of them it'll decide you dunno whom you're looking for and tell ya to shoo. 20 * 20s = 400s or just shy of 7 minutes. If a dictionary spammer wants to tie up one of his connections for 7 minutes to attempt 20 bad addresses at my machine who am I to discourage him? :D



<->

There is at least one tarpit if you want to get serious about it.

Oh, if you want to tie these people up even longer, dynamically write a firewall rule to deflect it to a different port where you can consider these matters with even greater care.

I'd expire the rule after a time though. If the IP changes hands, no point in punishing the new owner, and if the same offender returns from the same IP, well, consider his application afresh.


--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
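
An added sketch, not code from either poster, of the policy discussed in this thread: a 20 s pause before each bad-address reject, a drop after 20 of them, and a deflect entry that expires. The one-hour TTL, all names and the 192.0.2.x addresses are assumptions; the thread only says to expire the rule "after a time".

```python
from dataclasses import dataclass, field

REJECT_DELAY_S = 20    # from the thread: 20 s pause before each bad-address reject
MAX_BAD_RCPT = 20      # from the thread: after 20 bad addresses, tell the client to shoo
DEFLECT_TTL_S = 3600   # assumption: the thread gives no figure for the expiry


@dataclass
class Connection:
    """State kept for one SMTP session."""
    ip: str
    bad_rcpt: int = 0
    stalled_s: int = 0  # total seconds this client has been kept waiting


@dataclass
class DeflectList:
    """IPs to hand to the slower listener, each with its own expiry time."""
    ttl_s: int = DEFLECT_TTL_S
    expires: dict = field(default_factory=dict)

    def add(self, ip, now):
        self.expires[ip] = now + self.ttl_s

    def is_deflected(self, ip, now):
        deadline = self.expires.get(ip)
        if deadline is None:
            return False
        if now >= deadline:
            # Entry is stale: forget it so a new owner of the IP starts clean.
            del self.expires[ip]
            return False
        return True


def on_bad_rcpt(conn, deflect, now):
    """Account for one RCPT to an unknown address; `now` is when the reply is sent."""
    conn.bad_rcpt += 1
    conn.stalled_s += REJECT_DELAY_S
    if conn.bad_rcpt >= MAX_BAD_RCPT:
        deflect.add(conn.ip, now)
        return "drop"
    return "reject"


def simulate_dictionary_run(ip, attempts, deflect, start=0):
    """Feed up to `attempts` bad recipients from one client on a simulated clock."""
    conn = Connection(ip)
    for _ in range(attempts):
        now = start + conn.stalled_s + REJECT_DELAY_S
        if on_bad_rcpt(conn, deflect, now) == "drop":
            break
    return conn
```

In a real MTA the delay would be an actual pause in the SMTP dialogue and the deflect entry a firewall rule; the simulated clock here only makes the 400 s figure and the expiry checkable.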

