[79368] in North American Network Operators' Group
Re: botted hosts
daemon@ATHENA.MIT.EDU (Sam Hayes Merritt, III)
Mon Apr 4 16:56:55 2005
Date: Mon, 4 Apr 2005 15:56:10 -0500 (CDT)
From: "Sam Hayes Merritt, III" <sam@themerritts.org>
To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.44.0504041526560.9069-100000@localhost.localdomain>
Errors-To: owner-nanog@merit.edu
> Unblocking on customer request is an expensive operation, for both the
> ISP and the customer.
> And they frequently assume that network operations changes are
> free---Comcast reported that it would cost $58 million to implement port
> 25 blocking and notify customers, just for Comcast.
Anyone can come up with a number to convince themselves that they don't
need to do the 'right thing'. Comcast is probably using Docsis. Docsis
makes applying filters on a per user basis pretty darn easy.
AOL blocks outbound 25.
Earthlink for the most part does (we only refused 148 emails from them
yesterday from places like user-0c2i2vr.cable.earthlink.net and
user-0c2if7q.cable.earthlink.net, they might block port 25 by fefault for
as much as I know)
We block outbound port 25 on our residential connections by default. Of
those, only 2.4% currently have requested that we not filter them.
The $ excuse just doesn't fly. RR and Comcast know this. Other providers
have tackled the problem. I've seen the Spamcop reports on our retail
connections drop to just about nothing since filtering our users.
> On a deeper level, I discovered (its not at proof level, but probably at
> 'strong conjecture' level) that results from information theory show that
> spam cannot be stopped technically.
Yep. Cannot be stopped. But if I disable what I am currently doing to keep
the rest of the world out, my users damn sure notice. I do what I can,
grab the low lying fruit, get them knocked out of the way and then go for
the harder problems.
sam
