Anti-spam System Idea
william(at)elan.net
william at elan.net
Sun Feb 15 06:25:31 UTC 2004
On Sat, 14 Feb 2004 jlewis at lewis.org wrote:
>
> On Sat, 14 Feb 2004, Tim Thorpe wrote:
>
> > If these exist then why are we still having problems?
>
> Because the spammers are creating proxies faster than any of the anti-spam
> people can find them. Evidence suggests, at least on the order of 10,000
> new spam proxies are created and used every day by spackers
> (spammer/hackers).
Add to that (or part of that number) is that many DSL and cable providers
use DHCP to assign ip addresses for short period of time to their customers.
Typically whenever system is reset a new ip would be assigned and a few of
the zombie viruses being installed on the user system causes it to become
unstable (especially if its trying to send email and can not and keeps
retrying after the ip is on blacklist) and those users begin to reboot the
computer trying to get it to work properly resulting in those computers
getting new ip addresses which would again be outside of blacklist
> > Why do we let customers who have been infected flood the networks with
> > traffic as they do? Should they not also be responsible for the security
> > of their computers? Do we not do enough to educate?
Just completely blocking access to those users seems an overly agressive
punishment (which actually caused quite a few angry users who left their
dsl provider). Some providers deal with this by blocking port25 or redirecting
it their own smtp server - some even do it onj their networks for all
customers no matter if they got any reports or not (as preventative measure).
While there are many techs who don't like this practice it does seem that
this solution effectively removes the PC from being used as source of
spam even if it becomes a zombie.
--
William Leibzon
Elan Networks
william at elan.net
More information about the NANOG
mailing list