bin/176713: [patch] nc(1) closes network socket too soon
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Jul 22 01:44:15 UTC 2013
In message <20130721041338.2121.qmail at f5-external.bushwire.net>,
"Mark Delany" <n7w at delta.emu.st> wrote:
>> servers running certain protocols. For example, the rules of the SMTP
>> protocol... just to name one... require that a client wait until the
>> server has sent out an initial greeting banner before the client sends
>> anything to the server. Some SMTP servers are lenient about enforcing
>> this protocol rule, so in practice it may often not be necessary to wait
>
>A while back "fast talkers" as they were called, were a known
>signature of some spam bots.
That is correct.
>The guess is that they would just write
>the whole SMTP transaction in one write() immediately following the
>connect() and be done with it.
Yes.
>A useful optimization when you're
>blatting out billions of spam.
I suppose so.
>You don't see a big mention of this in search engines, so I don't know
>how prevalent they are now.
>
>Point being that such an option might be useful to avoid triggering
>any detectors that might still be looking for this.
I'm sorry, but I am not following you.
Were you attempting to say that this would be a good thing or a bad thing?
(Personally, don't think it matters much one way or the other. Blocking
"fast talkers" was never a terribly effective anti-spam technique. It was
just "security through protocol pendantry", and was/is quite entirely
trivial for the spammers to work around.)
Regards,
rfg
More information about the freebsd-hackers
mailing list