short Botnet list and Cashing in on DoS
Stephen J. Wilcox
steve at telecomplete.co.uk
Sat Oct 9 19:25:53 UTC 2004
On Sat, 9 Oct 2004, Gadi Evron wrote:
> > there are many ways of sending spam that dont use port 25..
> True, but reducing spam from millions to thousands seems like something good,
their market wont change tho, you will just force them to use another method..
at one time open relays were almost exclusively the way used to send spam, now
they arent nearly as popular (or available)
you can see the same with other problems eg dos attacks were once all smurfs,
a lot of effort was put into removing amplifiers and now we have the botnets..
i'm not saying do nothing, just only do things which make sense and are
> > individual rules are costly to implement and users wont use a service where you
> > have to pay more for basic services
> Several big ISP's are blocking port 25 now. I believe this will catch.
we need to look at some examples and what theyre doing exactly.. some redirect
it forcibly to their own servers. but i believe this approach is limited in how
you can apply it.. someone like aol can pretty well classify their users as low
end residential and thats fine ... but move away from this and special
requirements start creeping in and exceptions are not scalable enough.
> It limits the amount of junk coming out from their users, and the usage
> of their tubes.
> I doubt even 0.001% of dynamic range Cable/DSL users will ever call to
> ask for port 25 to be opened.
i'd suggest your estimate is too low based on all end users
> This is something ISP's can implement, and it works.
this is something *some* isps can do ... and i'm not arguing that we shouldnt do
these little things but its just one limited way and serves more to reduce
problems with your own users than to reduce inbound spam
More information about the NANOG