Larry Seltzer wrote:

> Out of this list only two are really mail spamming
> activities.

It wasn't meant as a _complete_ list, just some simple ideas how
to cause havoc as proud owner of 20,000 PCs, limited to those
that are online. They could also look for formail (or formmail
sp?) Web forms, and fire until the Web hoster stops that abuse.
Or scan other systems for vulnerabilities adding them to the
botnet, or use them directly to spam, if it's a system where
port 25 is not blocked.

> Port 587 is inherently authenticated, so a bot that uses it
> will be quickly shut down.

If the ESP kicks his customer. Or if the ESP is also the ISP
and educates his customer. We've seen how good that works for
say spamcast.

> "Create Web mail accounts in the name of its former owner and
> spam" - why would you need a bot to do this? What value does
> a bot add?

Fresh source IPs, and we're discussing ways to bypass port 25.
It might be a hard decision for receivers to block GMail, if
thousands of bots abuse it to send spam "via port 80" and
stolen GMail accounts.

> You're right that there's a lot that bots can do besides
> spam on port 25, but blocking port 25 would make it much,
> much harder for bots to be a significant source of spam.

If a zombie can't spam, neither directly nor indirectly, it
can find somebody without this restriction. It can also help
in spam runs, e.g. load DNS server caches with the IPs for
spamvertized domains (a dummy HTTP GET will do), then the
controller shuts down his name server (so Akamai / SC won't
see it when they try), and finally he lets other bots fire.
I'm of course not sure, but sometimes I think Leo already is
at that level of the game, when SC fails to resolve IPs, but
I've no problem to get them.
Bye, Frank