Hi,

On Wed, 24 Sep 2003 23:13:19 +0100 Daniel Bird <[EMAIL PROTECTED]> wrote:

> Forrest Aldrich wrote:
> 
> > A new approach to DNSBL might be considered, where there is a 
> > peer-to-peer sharing (authentication, scoring whatever) that mirrors 
> > content -- something of that nature, whereby the hackers would 
> > basically have to DDoS the entire internet to prevent its use. Not 
> > sure how such a framework could be reliably implemented; anyone else 
> > have ideas. 

It's been done. See http://freenet.sourceforge.net

> A P2P DNSBL? Interesting. I've also thought about this a little since 
> the death of Monkeys but also have no idea about how this would be 
> implemented, but certainly the model of something like direct connect 
> could work. Whereby a registration to a service would be required before 
> a seed is released. Once the seed was realized, the new participating 
> DNSBL could learn from that seed other DNSBLs, and replicate the data, 
> and then (maybe?) do the RBL lookups locally.
> 
> Obviously, the file (zone) transfers involved would be reasonably large 
> (anyone have any ideas on how big a DNSBL from someone like SpamHaus 
> would be?)

Note that there's no reason to use DNSBLs if the BL is queried locally.
Just generate access lists for sendmail, postfix, exim, and qmail (all
of which are much smaller than BIND zone files; not sure about tinydns,
djbdns, and the other rbldns[d]? servers) and ship those around. DNS
was only used because it was a convenient distributed hierarchal
database, not because DNS is special.

If you make a DNSBL accessible to the public, it will be DDoS'd off the
net. Hell, the root nameservers have been attacked for extended periods
without consequence to the attacker and there's no political will among
the Tier-1 providers to find and disable the tens of thousands of
0wnz0r3d zombies out there.

There's quite a bit of discussion on SPAM-L about making this work;
that's a better forum than SATalk for discussing the future of
distributed blocklists.

-- Bob
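
The local-list approach described above (shipping MTA access lists around instead of answering DNS queries), as an added example that is not part of the original message. The one-network-per-line input format, the function names and the reject text are assumptions; the sample data is constructed.

```python
import ipaddress

# Constructed sample list (RFC 5737 documentation ranges). The one-network-per-line
# input format is an assumption for this example.
SAMPLE = """\
192.0.2.0/25        # two halves that collapse into one /24
192.0.2.128/25
198.51.100.7
198.51.100.8/30
203.0.113.0/23      # host bits set: rejected
not-an-ip           # rejected
"""

def parse(text):
    """Return (collapsed networks, rejected lines); bad lines never reach a map."""
    nets, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            bad.append(line)
    return list(ipaddress.collapse_addresses(nets)), bad

def postfix_cidr(nets, action="REJECT Listed in local blocklist"):
    """Lines for a Postfix cidr: table, which takes CIDR notation directly."""
    return [f"{n} {action}" for n in nets]

def sendmail_access(nets, action="REJECT"):
    """Lines for a sendmail access map, which matches on whole octets only,
    so each network is expanded to octet-aligned prefixes."""
    out = []
    for n in nets:
        octets = max(1, -(-n.prefixlen // 8))  # round prefix up to whole octets
        for sub in n.subnets(new_prefix=octets * 8):
            key = ".".join(str(sub.network_address).split(".")[:octets])
            out.append(f"Connect:{key}\t{action}")
    return out

if __name__ == "__main__":
    nets, bad = parse(SAMPLE)
    print("\n".join(postfix_cidr(nets)))
    print("\n".join(sendmail_access(nets)))
    print("rejected input:", bad)
```

Entries that fail validation are collected rather than copied into the map, so a corrupted or tampered list received from a peer cannot add arbitrary keys or actions to the MTA's access table.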

