short Botnet list and Cashing in on DoS

Petri Helenius pete at
Sat Oct 9 18:42:43 UTC 2004

Gadi Evron wrote:

> Blocking port 25 for dynamic ranges means they can't send email, so 
> those drones are pretty useless for spammers on that account. Trojan 
> horses would have to use local information for the user's own account 
> (from Outlook or such).
Next you'll block SIP if we start getting "spam calls"? Or any other 
application that pops up and is used by the same people sending spam today?

> ISPs could then, I suppose, limit every user to 5 emails a minute (or 
> any other number).
> That combined with domain-keys and sender-ID could make for a much 
> prettier Internet, don't you think?
You're fixing the symptom, not curing the cause. The immediate root 
cause is a compromised PC which among other things does send mail across 
port 25. It'll also send mail using x-y-z webmail or misconfigured 
forms, etc.

> Abuse using port 25 is a major issue today, why not solve it? If a 
> user wants it open, they could always ask for it or even pay more 
> money. Perhaps move to a static IP?

It would be much more beneficial to deny all packets from ASes which 
don't have abuse under control.

