[Asrg] Re: Bots

Frank Ellermann <nobody@xyzzy.claranet.de> Wed, 18 January 2006 02:05 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Ez2hG-0001U1-1h; Tue, 17 Jan 2006 21:05:14 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Ez2hE-0001Tw-17 for asrg@megatron.ietf.org; Tue, 17 Jan 2006 21:05:12 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21959 for <asrg@ietf.org>; Tue, 17 Jan 2006 21:03:45 -0500 (EST)
Received: from main.gmane.org ([80.91.229.2] helo=ciao.gmane.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Ez2pN-0004Kl-Ut for asrg@ietf.org; Tue, 17 Jan 2006 21:13:42 -0500
Received: from list by ciao.gmane.org with local (Exim 4.43) id 1Ez2gp-0003hX-KB for asrg@ietf.org; Wed, 18 Jan 2006 03:04:47 +0100
Received: from 1cust12.tnt2.hbg2.deu.da.uu.net ([149.225.12.12]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <asrg@ietf.org>; Wed, 18 Jan 2006 03:04:47 +0100
Received: from nobody by 1cust12.tnt2.hbg2.deu.da.uu.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <asrg@ietf.org>; Wed, 18 Jan 2006 03:04:47 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: asrg@ietf.org
From: Frank Ellermann <nobody@xyzzy.claranet.de>
Date: Wed, 18 Jan 2006 03:00:53 +0100
Organization: <URL:http://purl.net/xyzzy>
Lines: 46
Message-ID: <43CDA155.55C8@xyzzy.claranet.de>
References: <43CD6CFF.5F6D@xyzzy.claranet.de> <049001c61bc1$3deb0b90$0d00005a@moregarlic.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: 1cust12.tnt2.hbg2.deu.da.uu.net
X-Mailer: Mozilla 3.0 (OS/2; U)
X-Spam-Score: 0.2 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Content-Transfer-Encoding: 7bit
Subject: [Asrg] Re: Bots
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org

Larry Seltzer wrote:

> Out of this list only two are really mail spamming
> activities.

It wasn't meant as a _complete_ list, just some simple ideas of
how to cause havoc as the proud owner of 20,000 PCs, limited to
those that are online.  They could also look for formail (or
formmail, sp?) Web forms, and fire until the Web hoster stops
that abuse.

Or scan other systems for vulnerabilities, adding them to the
botnet, or use them directly to spam if it's a system where
port 25 is not blocked.

> Port 587 is inherently authenticated, so a bot that uses it
> will be quickly shut down.

If the ESP kicks his customer.  Or if the ESP is also the ISP
and educates his customer.  We've seen how well that works for,
say, spamcast.

> "Create Web mail accounts in the name of its former owner and
> spam" - why would you need a bot to do this? What value does
> a bot add?

Fresh source IPs, and we're discussing ways to bypass port 25.
It might be a hard decision for receivers to block GMail, if
thousands of bots abuse it to send spam "via port 80" and
stolen GMail accounts.

> you're right that there's a lot that bots can do besides
> spam on port 25, but blocking port 25 would make it much,
> much harder for bots to be a significant source of spam.

If a zombie can't spam, neither directly nor indirectly, it
can find somebody without this restriction.  It can also help
in spam runs, e.g. load DNS server caches with the IPs for
spamvertized domains (a dummy HTTP GET will do); then the
controller shuts down his name server (so Akamai / SC won't
see it when they try), and finally he lets the other bots fire.

I'm of course not sure, but sometimes I think Leo already is
at that level of the game, when SC fails to resolve IPs but
I have no problem getting them.
                            Bye, Frank
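The cache-priming sequence described in the last paragraph of the message, as an added example that is not part of the original post: a small Python simulation (the domain name, the addresses and the resolver objects are all constructed for illustration) of a recursive resolver with a TTL-bounded cache. It shows that a recipient's resolver primed before the authoritative server goes offline keeps answering from cache during the spam run, that a resolver which was never primed (an abuse desk's, say) fails, and that the window closes once the record's TTL expires.

```python
"""Simulation of priming resolver caches before taking the authoritative
server offline. Added example, not code from the original message; the
domain, IPs and resolver objects below are constructed for illustration.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


@dataclass
class Authoritative:
    """The spammer's own name server for the spamvertized domain."""
    records: Dict[str, Tuple[str, int]]   # name -> (ip, ttl seconds)
    online: bool = True

    def answer(self, name: str) -> Tuple[str, int]:
        if not self.online:
            raise TimeoutError(f"no answer from authoritative server for {name}")
        return self.records[name]


@dataclass
class CachingResolver:
    """A recursive resolver (e.g. an ISP's) with a TTL-bounded cache."""
    upstream: Authoritative
    clock: Callable[[], float] = time.monotonic
    cache: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # name -> (ip, expires_at)

    def resolve(self, name: str) -> str:
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]                    # served from cache; upstream never contacted
        ip, ttl = self.upstream.answer(name)  # raises if the upstream is offline
        self.cache[name] = (ip, now + ttl)
        return ip


class FakeClock:
    """Controllable clock so the scenario can jump past the TTL."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def _try_resolve(resolver: CachingResolver, name: str) -> str:
    """Return the IP, or 'failed' when the lookup cannot be completed."""
    try:
        return resolver.resolve(name)
    except TimeoutError:
        return "failed"


def run_scenario(ttl: int = 3600) -> Dict[str, str]:
    """Play the sequence from the post and report what each party sees."""
    clock = FakeClock()
    name = "spamvertized.example"                       # constructed sample domain
    auth = Authoritative({name: ("192.0.2.10", ttl)})    # constructed sample address
    victims_resolver = CachingResolver(auth, clock)      # resolver used by targeted recipients
    investigator_resolver = CachingResolver(auth, clock)  # never primed by the bots

    # 1. Bots fire a dummy HTTP GET at the domain; the side effect that matters
    #    is the lookup, which plants the record in the victims' resolver cache.
    primed = victims_resolver.resolve(name)

    # 2. The controller takes the authoritative server offline.
    auth.online = False

    # 3. Spam run: recipients' resolver still answers from its cache.
    during_run = _try_resolve(victims_resolver, name)

    # 4. Someone investigating from an unprimed resolver gets nothing.
    investigator = _try_resolve(investigator_resolver, name)

    # 5. Once the TTL has passed, the cached entry is gone and the trick is over.
    clock.now = ttl + 1
    after_ttl = _try_resolve(victims_resolver, name)

    return {"primed": primed, "during_run": during_run,
            "investigator": investigator, "after_ttl": after_ttl}


if __name__ == "__main__":
    for party, outcome in run_scenario().items():
        print(f"{party:>12}: {outcome}")
```

The caveat the simulation makes visible: the window in which the domain resolves only for primed resolvers is exactly the record's TTL, so a long TTL on the spamvertized name widens it, and a resolver that applies a TTL cap or prefetches near expiry shortens it.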

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg