Date: Sun, 21 Jul 2013 18:44:05 -0700 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: freebsd-hackers@freebsd.org Subject: Re: bin/176713: [patch] nc(1) closes network socket too soon Message-ID: <91904.1374457445@server1.tristatelogic.com> In-Reply-To: <20130721041338.2121.qmail@f5-external.bushwire.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20130721041338.2121.qmail@f5-external.bushwire.net>, "Mark Delany" <n7w@delta.emu.st> wrote: >> servers running certain protocols. For example, the rules of the SMTP >> protocol... just to name one... require that a client wait until the >> server has sent out an initial greeting banner before the client sends >> anything to the server. Some SMTP servers are lenient about enforcing >> this protocol rule, so in practice it may often not be necessary to wait > >A while back "fast talkers" as they were called, were a known >signature of some spam bots. That is correct. >The guess is that they would just write >the whole SMTP transaction in one write() immediately following the >connect() and be done with it. Yes. >A useful optimization when you're >blatting out billions of spam. I suppose so. >You don't see a big mention of this in search engines, so I don't know >how prevalent they are now. > >Point being that such an option might be useful to avoid triggering >any detectors that might still be looking for this. I'm sorry, but I am not following you. Were you attempting to say that this would be a good thing or a bad thing? (Personally, don't think it matters much one way or the other. Blocking "fast talkers" was never a terribly effective anti-spam technique. It was just "security through protocol pendantry", and was/is quite entirely trivial for the spammers to work around.) Regards, rfg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?91904.1374457445>