ietf-asrg

RE: [Asrg] Re: Bots

2006-01-17 17:20:51
A zombie can do everything its former owner can do.  Hijack
587 sessions for spamming.  Harvest addresses.  Participate 
in DDoS.  Everything distributed.net does, but for real and 
illegal purposes.  Confiscate PayPal and other accounts of 
its former owner.  Create Web mail accounts in the name of 
its former owner and spam.  Redirect spamvertized URLs in 
an attempt to evade SURBL.  Attack or spam IRC, jabber, 
Usenet, IM, blogs, ...  Port 25 SMTP is only one of many ways 
to cause harm.  Spam sent by zombies is a symptom, not the 
disease. 

Out of this list only two are really mail spamming activities. Port 587 is
inherently authenticated, so a bot that uses it will be quickly shut down.
It's just not much of a substitute for the freedom port 25 presents. "Create
Web mail accounts in the name of its former owner and spam" - why would you
need a bot to do this? What value does a bot add? In any event, it's still
not a reason to keep port 25 open. 

Basically, you're right that there's a lot that bots can do besides spam on
port 25, but blocking port 25 would make it much, much harder for bots to be
a significant source of spam. Consequently the value of botnets would
decrease substantially.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer(_at_)ziffdavis(_dot_)com 


                            Bye, Frank




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


