[Dshield] RBL deaths OT?

Patrick Andry pandry at wolverinefreight.ca
Thu Sep 25 17:32:32 GMT 2003


The big problem with RBL's is not that there is no funding, but that they have 
come under attack by DDoS recently.  Two smaller RBL's shut down this week,
and there has been talk that SPEWS has been targetted as well.  Small sites do 
not have the money to spend on mutliple internet feeds, redundant systems and 
major load balancing.  Even if they had something in place, targetting the 
authoritative nameservers would not be that hard to do.
To set up a commercial RBL, you're going to have to do some major load 
balancing, have support from your upstream provider, and a lot of luck.  
One benefit of being a commercial site would be that you could actually claim 
damages, thereby having the FBI investigate.  

On September 25, 2003 12:09 pm, David Sentelle wrote:
> Preface:  These are all numbers off the top of my head or pulled out of
> my...  errr...  pulled out of the air.  I encourage people to correct my
> numbers, probably off-list to keep the noise down.
>
> So lots of RBLs are dying.  That's because they're free.  Why isn't
> there a commercial one?
>
> A network with 100 'average' users might receive 1000 emails daily?
> What is that in bandwidth?  3k per positive spam lookup, maybe 1k for
> negative spam result lookups?  300k per site per day?  100,000 similar
> clients using the RBL would generate 30000Mb of bandwidth?  a T3 with
> 45Mbps should be able to handle that much data in under 2 hours, right,
> so spread out over all day would work, right?  With room to grow?
>
> What's a T3 cost annually?  $500,000?  Any ideas?  I don't even have a
> full T1, and no way to gauge the cost of a T3.
>
> Would 4 servers be enough to handle the load?  Lets estimate that those
> 4 beefy servers would cost a total of $40,000.
>
> 5 people managing it might work.  Room for housing this stuff  plus
> miscellaneous expenses, let's just throw out a $1,000,000 figure.  Nice
> salaries, nice office.
>
> So we've got 100,000 people paying $25 annually coming to $2.5 million.
>  By my way off the cuff calculations I would still be making killer
> profit.  We could even buy Osirusoft's old system for another $1,000,000
> and only be a little in the red.  That would cut down on a lot of
> engineering effort rebuilding the wheel.
>
> I'd love to interview someone from Osirusoft or monkeys to get ideas if
> these numbers are way whacked out.
>
> Anyone else got feedback? More than that, contact info from people
> who've run some of the now dead RBLs would be priceless.
>
>   :)
>
> ----------------------------------------
> David Sentelle
> Network Operations Specialist
> Commerce National Bank
> 614.583.2082 Voice    614.583.2201 Fax
>
>
> This e-mail and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to which they
> are addressed.  If you have received this e-mail in error, you are
> prohibited from using, divulging any of its contents, or forwarding
> this email.  Please notify admin at cnbcbank.com and delete it from
> your system.
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list