[Remops] neverending flood

[Bananasplit Admin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Mon, Oct 08, 2007 at 06:53:25AM +0200, Marco A. Calamari wrote:
> After more than one month, the flood doesn't appear to
>  stop; there are changes to the set of flooded remailer
>  and the more a remailer in performing, the more is flooded.

Yes, it seems the originator is using a high MINREL when forming his
remailer chains.

> No analisys of the flood was done ? It seems to me
>  a mixmaster-only middle-only flood that nilsimsa is unable to 
>  intercept.

I use syslog-ng and enabled some filtered logging to try and identify a
source.  Whilst it's impossible to say with any certainty that a given
address is the cause, there were some very strong pointers to a specific
DHCP managed sub-domain.

I'd be interested to hear if any other remops have taken steps to
identify or block the source.  It's always a sensitive topic to discuss
after the very public attempts by Frog-Admin to identify a flooder back
in February 2000 but IMO there's reasonable justification for trying to
prevent the ingress of thousands of messages from a single source,
providing it can be done without a trumpet fanfare and a public naming
of the suspected instigator.

- -- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHCf7TlKZ6CY7Vd0MRCgdpAKCxSnwDE/2n9nWL6kThEa8OqtQiZQCguO1A
RdZoGKcD3EHUpf2x7PlX6e8=
=t0hd
-----END PGP SIGNATURE-----