[74634] in North American Network Operators' Group
Re: short Botnet list and Cashing in on DoS
daemon@ATHENA.MIT.EDU (Petri Helenius)
Sat Oct 9 14:43:28 2004
Date: Sat, 09 Oct 2004 21:42:43 +0300
From: Petri Helenius <pete@he.iki.fi>
To: Gadi Evron <ge@linuxbox.org>
Cc: Paul Vixie <vixie@vix.com>, nanog@merit.edu
In-Reply-To: <41682F74.90103@linuxbox.org>
Errors-To: owner-nanog-outgoing@merit.edu
Gadi Evron wrote:
>
> Blocking port 25 for dynamic ranges means they can't send email, so
> those drones are pretty useless for spammers on that account. Trojan
> horses would have to use local information for the user's own account
> (from Outlook or such).
>
Next you'll block SIP if we start getting "spam calls"? Or any other
application that pops up and is used by the same people sending spam today?
> ISPs could then, I suppose, limit every user to 5 emails a minute (or
> any other number).
>
> That combined with domain-keys and sender-ID could make for a much
> prettier Internet, don't you think?
>
You're fixing the symptom, not curing the cause. The immediate root
cause is a compromised PC which among other things does send mail across
port 25. It'll also send mail using x-y-z webmail or misconfigured
forms, etc.
> Abuse using port 25 is a major issue today, why not solve it? If a
> user wants it open, they could always ask for it or even pay more
> money. Perhaps move to a static IP?
It would be much more beneficial to deny all packets from ASes which
don't have abuse under control.
Pete