[74637] in North American Network Operators' Group


Re: short Botnet list and Cashing in on DoS

daemon@ATHENA.MIT.EDU (Gadi Evron)
Sat Oct 9 14:58:58 2004

Date: Sat, 09 Oct 2004 20:53:22 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Petri Helenius <pete@he.iki.fi>
Cc: Paul Vixie <vixie@vix.com>, nanog@merit.edu
In-Reply-To: <41683123.9010903@he.iki.fi>
Errors-To: owner-nanog-outgoing@merit.edu


> Next you'll block SIP if we start getting "spam calls"? Or any other 
> application that pops up and is used by the same people sending spam today?

There is the issue of usability. Why does a Cable user on a dynamic 
range need SMTP open?

> You're fixing the symptom, not curing the cause. The immediate root 
> cause is a compromised PC which among other things does send mail across 
> port 25. It'll also send mail using x-y-z webmail or misconfigured 
> forms, etc.

Webmail, etc. could and would be used, but instead of millions of 
messages sent openly from each drone - there would be hundreds, maybe 
thousands.

> It would be much more beneficial to deny all packets from AS's which 
> don't have abuse in control.

That's not going to happen any time soon, and if only one ISP does it.. 
imagine the tech support screams? I'd rather treat the symptoms.

After all, the symptom of high temperature is not the illness itself, 
but it could kill.

	Gadi.
