North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: short Botnet list and Cashing in on DoS

  • From: Gadi Evron
  • Date: Sat Oct 09 15:00:19 2004

Next you'll block SIP if we start getting "spam calls"? Or any other application that pops up and is used by the same people sending spam today?
There is the issue of usability. Why does a Cable user on a dynamic range need SMTP open?

You're fixing the symptom, not curing the cause. The immediate root cause is a compromised PC which among other things does send mail across port 25. Itīll also send mail using x-y-z webmail or misconfigured forms, etc.
Webmail, etc. could and would be used, but instead of millions of messages sent openly from each drones - there would be hundreds, maybe thousands.

It would be much more beneficial to deny all packets from AS's which don't have abuse in control.
That's not going to happen any time soon, and if only one ISP does it.. imagine the tech support screams? I'd rather treat the symptoms.

After all, the symptom of high-temperature is not the illness itself, but it could kill.