North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wired mag article on spammers playing traceroute games withtrojaned boxes

  • From: jlewis
  • Date: Thu Oct 09 14:26:50 2003

On Thu, 9 Oct 2003, Joe Boyce wrote:

> VA> Personally, I think preventing residential broadband customers from hosting 
> VA> servers would limit a lot of that. I'm not saying that IS the solution. 
> 
> It's not like those customers are aware they are hosting servers, they
> most likely were exploited and are now unaware they are hosting
> websites.

That's obviously the case.  No spammer has "thousands" of legitimately 
purchased DSL/Cable connections.  The article pretty clearly says they're 
exploiting insecure windows (isn't that redundant?) boxes.

Trouble is, how do you stop this?  Just blocking common ports like 80 by
default (unless the customer plans to actually run a web server and asks
for the filter to be removed) won't work.  The spammers can just as easily
spam with urls containing ports (http://blah.biz:8290/) if they find 80
is filtered or find that filtering has become common.

So other than waiting some infinitely long time for a secure out of the 
box version of windows (and for everyone to upgrade), how do you stop 
this?  Widespread deployment of reflexive access lists?  Force all 
broadband customers to use NAT and let them forward ports or entire IPs to 
their private IP servers if they have any?  Wait for the legal system to 
catch and prosecute a few people who do this and deter others from trying 
it?  Convince registrars to kill domains that are clearly being used by 
thieves?
  
----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________