[Dshield] Firewall/Spam defense

John Holmblad jholmblad at aol.com
Tue Oct 21 17:10:53 GMT 2003


Father Peter,

it sound like  a very effective empirical approach with a dramatic 
improvement over other methods.

Although I could think of many reasons why the major ISP's would tell 
you to "pound sand" before giving you details about their address 
blocks, it may be worth a try, especially if you can convince them that 
a) you are letigimate and b) you can help them in their own fight aginst 
this cyberspace pollutant. I would start with the big ones and work your 
way down. After kicking the tires on your legitimacy they may want to 
share such info on a non-disclosure basis only.  I have contacts in AOL, 
Sprint, ATT, Cox, Verizon, and several other ISP's in the US and a few 
outside the US. Please contact me off list if you would like to talk to 
me further about these contacts.

I am not up on what is going on with respect to management of public IP 
address space but it would seem fair, given the SPAM tax that we all pay 
to demand that ISP's publicly register the portion of their address 
blocks that will be utilized for dynamic IP assignment and to have this 
information place in the Whois database for all to see. That way a 
firewall could easily download such information from the various whois 
databases and, if it chooses, to, be suspicious of such accesses in 
whatever way it chooses. In fact, I think there is an interesting 
analogy here between dynamic IP addresses and caller ID, or the lack 
thereof in the public telephone networks of the world. In my home I use 
such a service marketed by Verizon as "call intercept", to catch and 
allow me to block voice SPAM. It works by intercepting the call  and 
issuing a distinct ring tone whenever a call comes in from a number 
without a caller ID. In effect, then Verizon provides me a  voice 
"firewall" service to block this pollution. Of course, I sometimes have 
"false positives" e.g. from international callers but the service is 
very effective nonetheless.  In reality then, if the aforementioned 
changes were made to the Whois databasesof the world, then the ISP's 
themselves could provide the firewalling services.  The more I think 
about this the more I believe some clever mind in ICANN or some such 
organization has already thought deeply about this issue and has gotten 
the ball rolling to do something about it or has rejected the idea as 
unworkable.

I am curious to understand what  information you are gleaning from these 
IP sources without penetrating their network permieters. Is it something 
in the TCP/IP or SMTP header of the SPAM or are you making a 
probabilistic decision based on a particular response to ICMP messages?
-- 

Best Regards,

 

John Holmblad

 

Televerage International

 

(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388

 

www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

text email address:         jholmblad at vtext.com




More information about the list mailing list