[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Asrg] Re: Bots
>>A zombie can do everything it's former owner can do. Hijack
>>587 sessions for spamming. Harvest addresses. Participate
>>in DDoS. Everything distributed.net does, but for real and
>>illegal purposes. Confiscate Paypal and other accounts of
>>its former owner. Create Web mail accounts in the name of
>>its former owner and spam. Redirect spamvertized URLs in
>>an attempt to evade SURBL. Attack or spam IRC, jabber,
>>Usenet, IM, blogs,.. Port 25 SMTP is only one of many ways
>>to cause harm. Spam sent by zombies is a symptom, not the
>>disease.
Out of this list only two are really mail spamming activities. Port 587 is
inherently authenticated, so a bot that uses it will be quickly shut down.
It's just not much of a substitute for the freedom port 25 presents. "Create
Web mail accounts in the name of its former owner and spam" - why would you
need a bot to do this? What value does a bot add? In any event, it's still
not a reason to keep port 25 open.
Basically, you're right that there's a lot that bots can do besides spam on
port 25, but blocking port 25 would make it much, much harder for bots to be
a significant source of spam. Consequently the value of botnets would
decrease substantially.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer at ziffdavis.com
Bye, Frank
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg