botted hosts
Dean Anderson
dean at av8.com
Tue Apr 5 22:51:45 UTC 2005
On Mon, 4 Apr 2005, Sam Hayes Merritt, III wrote:
> > Unblocking on customer request is an expensive operation, for both the
> > ISP and the customer.
>
> > And they frequently assume that network operations changes are
> > free---Comcast reported that it would cost $58 million to implement port
> > 25 blocking and notify customers, just for Comcast.
>
> Anyone can come up with a number to convince themselves that they don't
> need to do the 'right thing'. Comcast is probably using Docsis. Docsis
> makes applying filters on a per user basis pretty darn easy.
Thats not the only thing they have to do. They have to (probably)
1) change the user service agreements
2) notify users of upcoming change several times
3) alter docsis on networks in hundreds of cities.
4) Staff additional support to handle calls.
5) lose business because many people want to send email to the
server of their choice.
> AOL blocks outbound 25.
They've said this for many years, but I have hundreds of AOL addresses
that have tried to abuse our relays. Maybe they do in some places, but not
everywhere.
Aug 6 2003 172.155.12.106 Trace 1638
This sort of attempted open relay abuse stopped only after the open relay
blacklists shutdown in late 2003.
Indeed, after about a year of complete quiet, abuse just started up again
about mid March, but not as strong as before: Very few hosts, very few
nets. Pretty lame, really, in comparision with the old days. All from
Korea, and China targeting Korean ISPs, and one from Uruguay targeting
Uruguayan ISP. Pretty definitely mailbombing by some open relay zealots
or script kiddies, who probably pass themselves off as anti-spammers.
It was interesting because I first got wind when some bounces were
recieved from a Korean open relay. I got them because they were forged av8
from: addresses. Possibly, av8 was the target. Now who would target av8
with mailbombing?
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the NANOG
mailing list