short Botnet list and Cashing in on DoS
Petri Helenius
pete at he.iki.fi
Sat Oct 9 18:42:43 UTC 2004
Gadi Evron wrote:
>
> Blocking port 25 for dynamic ranges means they can't send email, so
> that drone are pretty useless for spammers on that account. Trojan
> horses would have to use local information for the user's own account
> (from Outlook or such).
>
Next you'll block SIP if we start getting "spam calls"? Or any other
application that pops up and is used by the same people sending spam today?
> ISP's could then, I suppose, limit every user to 5 emails a minute (or
> any other number).
>
> That combined with domain-keys and sender-ID could make for a much
> prettier Internet, don't you think?
>
You're fixing the symptom, not curing the cause. The immediate root
cause is a compromised PC which among other things does send mail across
port 25. It´ll also send mail using x-y-z webmail or misconfigured
forms, etc.
> Abuse using port 25 is a major issue today, why not solve it? If a
> user wants it open, they could always ask for it or even pay more
> money. Perhaps move to a static IP?
It would be much more beneficial to deny all packets from AS's which
don't have abuse in control.
Pete
More information about the NANOG
mailing list