Posted to users@spamassassin.apache.org by up...@3.am on 2004/07/20 17:12:50 UTC

What about DDOS's? WAS: Re: Using BigEvil

On Mon, 19 Jul 2004, Jeff Chan wrote:

> I believe the answer is yes to all of the above.  However
> BigEvil.cf is now so big that it may no longer be practical
> to run for many folks.  It's probably better to use ws.surbl.org
> instead:
>
>   http://www.surbl.org/
>
> ws has the same domain content as BigEvil but in more efficient
> SURBL form.

ok, it's more efficient (how?), but we've all seen various BLs being taken
down by DDOS attacks.  I would have thought distributing the contents
would be a move in the right direction to prevent this.

What exactly does this BL do with the list that makes it more efficient?
Presumably it still has to run checks, only from a lot more clients.

Sorry if this was already covered, but I've been sort of following threads
on this and didn't see anything...

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================


Re: What about DDOS's? WAS: Re: Using BigEvil

Posted by David Hooton <da...@gmail.com>.
On Tue, 20 Jul 2004 11:12:50 -0400 (EDT), up@3.am <up...@3.am> wrote:
> On Mon, 19 Jul 2004, Jeff Chan wrote:
> 
> > I believe the answer is yes to all of the above.  However
> > BigEvil.cf is now so big that it may no longer be practical
> > to run for many folks.  It's probably better to use ws.surbl.org
> > instead:
> >
> >   http://www.surbl.org/
> >
> > ws has the same domain content as BigEvil but in more efficient
> > SURBL form.
> 
> ok, it's more efficient (how?), but we've all seen various BLs being taken
> down by DDOS attacks.  I would have thought distributing the contents
> would be a move in the right direction to prevent this.

SURBL is more about providing a faster way to stop spam than it is
about the technical merit of various methods of content distribution. 
By faster I mean more efficient than spamassassin .cf files.

RSYNC access to the data is available. I can understand the concern
about denial of services, however this is true of any project which
relies on internet infrastructure to distribute content/data - and
well, Chris's Bigevil.cf file has now gotten so big it is in itself
denial of servicing some people's boxes!

> What exactly does this BL do with the list that makes it more efficient?
> Presumably it still has to run checks, only from a lot more clients.

The SURBL is more efficient than the Bigevil.cf because it requires
less resources and only completes one DNS lookup per URL, rather than
checking each URL against a series of regular expressions in a .cf
file.

Given the size that Bigevil has recently become I think you'll agree
that one DNS lookup is much better than thousands of regex checks.

-- 
Regards,

David Hooton
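
The lookup model described in this reply, as an added example that is not code from the thread, SpamAssassin or SURBL: each URL in a message body is reduced to a domain and turned into a single DNS query name under ws.surbl.org, instead of being matched against a long rule file. The query-name layout (domain prepended to the zone), the two-label domain reduction, the sample message and the stub resolver are assumptions made for illustration; the example also goes one step further than the thread by de-duplicating, so it issues one query per distinct domain.

```python
import re
import socket
from urllib.parse import urlsplit

ZONE = "ws.surbl.org"  # list name taken from the thread
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def base_domain(host):
    """Naive reduction to the last two labels (assumption: no public-suffix
    handling, so names under suffixes such as co.uk are reduced incorrectly)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def query_names(body, zone=ZONE):
    """Return one DNS query name per distinct domain found in URLs in body."""
    seen = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if not host or re.fullmatch(r"[\d.]+", host):
            continue  # IP-literal URLs are out of scope for this sketch
        name = f"{base_domain(host)}.{zone}"
        if name not in seen:
            seen.append(name)
    return seen

def dns_lookup(name):
    """Live resolver: an A-record answer is read as 'listed'.
    Any resolution failure (including NXDOMAIN) is read as 'not listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def listed_domains(body, resolver=dns_lookup):
    """Query names from body for which the resolver reports a listing."""
    return [n for n in query_names(body) if resolver(n)]

# Constructed sample message and stub zone so the example runs offline.
SAMPLE = ("Buy now http://www.pills-example.test/a?x=1 or "
          "http://cdn.pills-example.test/b and see https://news.example.org/")
STUB_ZONE = {"pills-example.test.ws.surbl.org"}

if __name__ == "__main__":
    print(query_names(SAMPLE))
    print(listed_domains(SAMPLE, resolver=lambda n: n in STUB_ZONE))
```

The cost per message grows with the number of distinct domains in it, not with the size of the blocklist, which is the efficiency point made above.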