short Botnet list and Cashing in on DoS
pete at he.iki.fi
Sat Oct 9 18:42:43 UTC 2004
Gadi Evron wrote:
> Blocking port 25 for dynamic ranges means they can't send email, so
> that drone are pretty useless for spammers on that account. Trojan
> horses would have to use local information for the user's own account
> (from Outlook or such).
Next you'll block SIP if we start getting "spam calls"? Or any other
application that pops up and is used by the same people sending spam today?
> ISP's could then, I suppose, limit every user to 5 emails a minute (or
> any other number).
> That combined with domain-keys and sender-ID could make for a much
> prettier Internet, don't you think?
You're fixing the symptom, not curing the cause. The immediate root
cause is a compromised PC which among other things does send mail across
port 25. It´ll also send mail using x-y-z webmail or misconfigured
> Abuse using port 25 is a major issue today, why not solve it? If a
> user wants it open, they could always ask for it or even pay more
> money. Perhaps move to a static IP?
It would be much more beneficial to deny all packets from AS's which
don't have abuse in control.
More information about the NANOG