North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: short Botnet list and Cashing in on DoS

  • From: Petri Helenius
  • Date: Sat Oct 09 14:45:04 2004

Gadi Evron wrote:

Blocking port 25 for dynamic ranges means they can't send email, so that drone are pretty useless for spammers on that account. Trojan horses would have to use local information for the user's own account (from Outlook or such).

Next you'll block SIP if we start getting "spam calls"? Or any other application that pops up and is used by the same people sending spam today?

ISP's could then, I suppose, limit every user to 5 emails a minute (or any other number).

That combined with domain-keys and sender-ID could make for a much prettier Internet, don't you think?

You're fixing the symptom, not curing the cause. The immediate root cause is a compromised PC which among other things does send mail across port 25. Itīll also send mail using x-y-z webmail or misconfigured forms, etc.

Abuse using port 25 is a major issue today, why not solve it? If a user wants it open, they could always ask for it or even pay more money. Perhaps move to a static IP?
It would be much more beneficial to deny all packets from AS's which don't have abuse in control.