On Mon, 9 Sep 2002, Iljitsch van Beijnum wrote:
Looking for automatic off-the-shelf solution. Not something that requires a NOC to constantly update a Cisco ACL. -Hank > On Mon, 9 Sep 2002, Hank Nussbacher wrote: > > > The spamming is usually done (but not only) from an Internet cafe where the > > spammer inserts a "spammer CD" and blasts away at open mail relays.When > > SMTP is blocked for that IP, they switch to HTTP and send the spam via MSN, > > Yahoo, Hotmail, Kukamail, Outblaze, Safe-mail, etc. to name just a > > few.Blocking port 80 is harder since it requires maintaining an ever > > larger list of free public web based mail systems or just block port 80 > > entirely. > > You could traffic shape or rate limit the traffic towards port 80 to a few > kbps for each IP address that might be used for spamming. If you allow > small bursts (10 - 50k) this should be just fine for regular web access, > since for that outgoing traffic is minimal: just the HTTP requests and > ACKs. However, it will slow down spamming to at most a couple dozen spams > per minute after the first few that fill up the configured burst size. I > imagine this will make the spammers move on to greener pastures. > Hank Nussbacher