Re: Good reasons to dont use RBLs
Hi!

On Thu, 2009-11-12 at 21:41 -0600, Luis Daniel Lucio Quiroz wrote:
[...]
> Again me, Well, in the security scope I use a principle that states that you
> shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).

You are mistaken that RBLs *solve* the spam problem. It's just one tool - and there are others too, like filtering viruses/trojans, filtering at SMTP level (based on Mail-From: and Rcpt-To:) and/or grepping for certain words in the contents (and the list doesn't claim to be complete - or even extensive).

> I'd like a brainstorm to convince that a RBL solution is not the best stopping

RBLs as such can be a solution to stop the average botnet (because you plain simply do not accept connections from host with a > 95% spam history). Of course, it's *Your* layer > 7 decision if and which RBL to use and/or run your own (based on whatever data, e.g. on the results of your Bayes filter?!).

> SPAM, and we should look for L7 solution such as Bayes.

Bayes is only statistics - nothing else. I don't know on which layer that lives in the OSI world. And Bayes has other issues, e.g.
- how to handle false positives and false negatives and/or
- CPU and I/O performance if you have a real big mail server/cluster and/or
- what to do if you have a mailserver on each continent (with appropriate MX records for global high-availability). How do I merge several Bayes-DBs?
And of course combinations thereof.

So please don't claim that RBLs are "the solution to spam" (or that such "a solution to spam" even exists[0]) and do not talk people out from using one or the other tool to fight spam.

Bernd

[0]: IMHO there is one solution: Make email expensive enough that it doesn't pay off for the spammers. But - looking at my snail mailbox - spam won't go away or even get small enough to be acceptable. So the result will be just people won't use email because it's too expensive.
-- Firmix Software GmbH http://www.firmix.at/ mobil: +43 664 4416156 fax: +43 1 7890849-55 Embedded Linux Development and Services
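Added example, not part of any message in this thread: a sketch of the connect-time check described in the message above, where a listed host is refused before any message content is seen and everything else moves on to content filters such as Bayes. The zone name dnsbl.example, the sample listings and the function names are constructed for illustration; the resolver is passed in so the code runs offline.

```python
import ipaddress

# Constructed sample data: stands in for the DNS zone of a hypothetical
# blocklist "dnsbl.example". Keys are query names, values are A records.
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": "127.0.0.2",    # conventional "always listed" test entry
    "7.113.0.203.dnsbl.example": "127.0.0.4",  # constructed listing for 203.0.113.7
}

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_lookup(client_ip, zone, resolve):
    """Return the listing code (e.g. '127.0.0.2'), or None if not listed.

    `resolve` maps a query name to an A record string, or None for NXDOMAIN.
    """
    answer = resolve(dnsbl_query_name(client_ip, zone))
    # Only answers inside 127.0.0.0/8 mean "listed". Any other address
    # (a wildcarded or expired zone, for instance) is treated as no listing.
    if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
        return answer
    return None


def connect_time_decision(client_ip, zones, resolve):
    """Decide at SMTP connect: refuse now, or hand over to content filters."""
    for zone in zones:
        code = dnsbl_lookup(client_ip, zone, resolve)
        if code:
            reply = f"554 5.7.1 {client_ip} listed in {zone} ({code})"
            return ("reject", reply)
    # Not listed: the RBL has nothing to say, so later stages still apply.
    return ("content-filter", "250 OK")


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.1"):
        print(ip, connect_time_decision(ip, ["dnsbl.example"], SAMPLE_ZONE.get))
```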
Re: Good reasons to dont use RBLs
Luis Daniel Lucio Quiroz wrote:
> Hi all,
>
> Again me, Well, in the security scope I use a principle that states that you
> shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stopping
> SPAM, and we should look for L7 solution such as Bayes.

SA has no effect on L3

--
Arvid
Asgaard Technologies
Re: Good reasons to dont use RBLs
Luis Daniel Lucio Quiroz wrote:
> Hi all,
>
> Again me, Well, in the security scope I use a principle that states that you
> shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stopping
> SPAM, and we should look for L7 solution such as Bayes.
>

If someone tries to guess a working login:pass on your server and does this a thousand times in a short period, you will still let him continue because passwords are L7 and the IP address is at L3?

If you want to talk about principles, then "defence in depth" suggests using all your levels to block attacks.

In short, segment your zones, your diagrams, your reports, but do not segment your defences. When you hear "divide and conquer", divide the problem, not your army. You still want to coordinate your defences so as to increase their efficiency.

Besides, spam is at Layer PI (3.1415) ;-p
Re: Good reasons to dont use RBLs
Luis Daniel Lucio Quiroz wrote:
> Hi all,
>
> Again me, Well, in the security scope I use a principle that states that you
> shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stopping
> SPAM, and we should look for L7 solution such as Bayes.
>
> TIA
>
> LD

I use RBLs because they work. If something actually works I use it.
Re: Good reasons to dont use RBLs
Hi!

>> I reject the notion that spam is a L7 problem.
>
> It is more of a L8 problem... money.
>
> Warren

Or L9, users. In the end :)

Bye,
Raymond.
Re: Good reasons to dont use RBLs
Hi!

> Again me, Well, in the security scope I use a principle that states that you
> shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stopping
> SPAM, and we should look for L7 solution such as Bayes.

Try this on a multi million user system and come back again :)

You are most likely right but that won't fix your problem. If you think the way you do please redesign the mailsystem. It's an application issue, so with it there.

Bayes is also not a solution, it's preventing things afterwards. Fix it with the source, e-mail isn't designed for what it's being used for today.

You can brainstorm, but it won't scale.

Bye,
Raymond.
Re: Good reasons to dont use RBLs
On Fri 13 Nov 2009 04:41:36 CET, Luis Daniel Lucio Quiroz wrote:
> I'd like a brainstorm to convince that a RBL solution is not the best stopping
> SPAM, and we should look for L7 solution such as Bayes.

and IPs are not part of the Bayes db ...

--
xpoint
Re: Good reasons to dont use RBLs
On 12-Nov-2009, at 21:55, McDonald, Dan wrote:
> On 11/12/09 9:42 PM, luis.daniel.lu...@gmail.com wrote:
>> Again me, Well, in the security scope I use a principle that states that
>> you shouldn't use a lower layer solution to fix a higher one. So SPAM is a
>> Layer 7 problem that is used to fixed with a Layer 3 solution (RBL).
>
> So, worms like Conficker are layer 7 applications. Should we not apply a
> layer 4 access control (stopping port 445 at the AS border) to help mitigate
> the spread of it?

RBLs are a L3 solution to an L3 problem (I don't want THAT server talking to my server). It's L3 all the way. L4 applies after the connection has been established (which is why it's called the Transport Layer)

--
I WILL NOT DEFAME NEW ORLEANS
Bart chalkboard Ep. 9F01
Re: Good reasons to dont use RBLs
On 11/12/09 9:42 PM, luis.daniel.lu...@gmail.com wrote:
> Again me, Well, in the security scope I use a principle that states that you
> shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).

So, worms like Conficker are layer 7 applications. Should we not apply a layer 4 access control (stopping port 445 at the AS border) to help mitigate the spread of it?

--
Daniel J McDonald, CCIE #2495, CISSP #78281
Re: Good reasons to dont use RBLs
On 11/12/2009 10:50 PM, LuKreme wrote:
> On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote:
>> I'd like a brainstorm to convince that a RBL solution is not the best stopping
>> SPAM, and we should look for L7 solution such as Bayes.
>
> I reject the notion that spam is a L7 problem.

It is more of a L8 problem... money.

Warren
Re: Good reasons to dont use RBLs
On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote:
> I'd like a brainstorm to convince that a RBL solution is not the best stopping
> SPAM, and we should look for L7 solution such as Bayes.

I reject the notion that spam is a L7 problem.

--
Ninety percent of true love is acute, ear-burning embarrassment. --Wyrd Sisters