On Mon, 19 Aug 2013 07:52:15 -0700 (PDT) John Hardin <jhar...@impsec.org> wrote:
> >> Have you considered TCP Tarpitting instead of just blocking them? > >> Blocking them doesn't actually *punish* them. Getting their MTAs > >> *stuck* for hours or days does. > > IMO, tarpitting is useless. When you have hundreds, thousands or > > more compromised zombie computers at your disposal, you're not even > > going to notice tarpitting. > How likely is a repeat offender to be a zombie? Very. It'll be the same offender, but most likely a different zombie. > It seems to me that greylisting and TCP tarpitting catch both sides > of the problem. Greylisting blocks junk from the single-attempt > zombies, and TCP tarpitting will catch the ones who are persistent > offenders. In my opinion, greylisting is worth the tradeoff because it actually works; I have data to back that up. I do not have data to show that tarpitting does any good and my gut feeling is that it doesn't. > We can't solve the problem completely with this, so it's not worth > the effort to *reduce* the problem? Again in my opinion, tarpitting doesn't even reduce the problem measurably. Do you have data to show that tarpitting is actually effective? Regards, David.