OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: tarpit
From: Brad Knowles (blkskynet.be)
Date: Mon Aug 21 2000 - 05:03:28 CDT

At 2:37 AM -0700 2000/8/21, Ronald F. Guilmette wrote:

> If any brave soul wants to help with this project, then please raise your
> hand. I'll send you the patches, and you can bring it up on some back
> room machine, and then beat on it for awhile and tell me how well you
> it seems to be working.

        I don't make any promises with regards to the amount of time I
have available, but I'd at least be interested in looking at how you
do this, and probably interested in giving it a try.

> Tarpitting is actually a rather stupid and futile way to try... lamely...
> to control the utilization rate of some resource, specifically a mail server.

        I see "tarpitting" as more useful on the inbound side (where you
have to accept mail from any variety of "unknown" systems on behalf
of your users), than on the outbound side. I see authentication and
database solutions such as yours being much more useful on the
outbound side.

> The Right Thing To Do is really just to allow only authorized people to use
> the thing at all, and to monitor even those authorized people, and if any of
> THEM get out of line and star sending massive amounts of stuff, then just
> cut them off completely. Why slow them down when you can just terminate
> their ability to use the service _completely_?

        Right, this is the outbound side.

> Using authenticated SMTP has _lots_ of advantages, in addition to and on top
> of giving you far more and far better control over who can and can't use
> your mail server to send outgoing mail. It also let's you monitor how much
> each individual user is using. That way you can kill them if they use to
> much (i.e. if they are spamming) or you could perhaps even bill them per
> kilobyte (or megabyte) of mail sent.

        Yup, that would be really nice, instead of trying to take their
IP address, correlate that with a RADIUS accounting database (to see
what user was using what IP address when), and only then being able
to determine which user made what use of your system at what time. 

--
   These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles, <blkskynet.be>                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.