[78768] in North American Network Operators' Group
Re: IBM to offer service to bounce unwanted e-mail back to the computers that sent them
daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Mar 22 14:28:40 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: Colin Johnston <colinj@mx5.org.uk>
Cc: Andreas Ott <andreas@naund.org>, <nanog@merit.edu>
Date: Tue, 22 Mar 2005 20:25:33 +0100
In-Reply-To: <BE662108.11B3D%colinj@mx5.org.uk> (Colin Johnston's message of
"Tue, 22 Mar 2005 19:22:48 +0000")
Errors-To: owner-nanog@merit.edu
* Colin Johnston:
> The better idea would be fingerprint the spam to match the bot used to match
> the exploit used to run the bot to then reverse exploit back to the
> exploited machine patching in the process.
Doesn't work reliably. A lot of bots close the attack vector they
used, to prevent infection by just another bot. There's also a lot of
cross-infection behind packet filters, which stop the same attack from
the Internet.
