Manuel Arostegui Ramirez wrote:
In this case, I would choose to drop packets since they're not going to stop,
it's better to do not increase the packets on your interface.
That's kinda what I thought too, however as far as the sending
machine is concerned, because it didn't get anything back, it could
potentially see it as a successful delivery and thus continue to deliver
more and more crap. On the other hand, if it does get some kind of reset...
I don't know. I certainly don't want to increase my traffic, but
I'd also don't want to give them any reason to believe that they reached
me and then increase the amount of crap they're sending.
This all started because a few days ago I started getting 3 servers
that are in the Hurricane Electric network sending a ton of spam e-mails
to invalid user names on my network. Ever since I started dropping
their packets, the flow of activity from those 3 machines increased
dramatically. What used to be just a few packets every minute has now
gone to some 5 to 10 packets being dropped every second.
E-Mails to them is simply being ignored...at least, I have yet to
hear anything back or to see a change.
Mind you, the same thing is happening with a lot of other networks
that have been spamming - their activity has also increased over the
last few weeks, basically since I started dropping packets instead of
using hosts.deny (which would send a deny packet back.)
--
W | It's not a bug - it's an undocumented feature.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130
IT Director / SysAdmin / Websmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
