Thu Jun 30 03:32:04 UTC 2005
> ] i think you might want to do something more insideous than blacklisting, > ] which is ignore all checksums you're sent from these address blocks, > ] and always respond with MANY when asked a question from these address > ] blocks. > > I appreciate the trick of marking all mail from customers of misbehaving > ISPs as if it were spam on the DCC server-side. That's an idea that > might have applications elsewhere. However, if the black eye for the > DCC matters, making the data not merely selectively unavailable but > wrong sounds worse. Should I understand that you are really saying > it is a bad idea? i don't want their output marked as spam. i want every dcc question asked from within a blacklisted netblock to be answered with "MANY", as if all mail they're receiving has been marked as known-spam by trusted others. i want the mail that bounces to be that which is sent TO them, not that which they try to send. the reason for this is, it's more likely to get affected dcc subscribers from within irresponsible-ISP netblocks to contact you and learn the truth, than if you either dropped their queries on the floor, or always answered "0", or anything else i can think of. > None of the current blacklist entries do not matter to the blacklisted > organizations, because the entries affect networks with sick firewalls > that pass outgoing DCC requests but filter returning DCC answers. > Blacklisting them is invisible to them, because they're own firewalls > effectively blacklist them. The public DCC server blacklist saves cycles > and bandwidth on the servers by letting them not bother responding > with answers that won't be heard. This new notion differs in two ways. > If it works, it would be because it would be noticed. It also is not > purely about protecting the couple dozen public DCC servers but other > servers. General protection was the main idea for the blacklist file > that dccd scans, but it has rarely been used that way. i can understand why blacklisting the way i propose wouldn't be useful if the original problem was a misconfigured firewall. but if the problem is evil dark ur-DCC code forks, it would be pretty effective.
More information about the DCC