In addition to Chris's excellent comments:
- Connecting a [Linux or other] server to a P2P network may not be possible
or desirable in many/most instances.
- Use of a technique like this might leak information on which software
is installed, which versions, etc.
- It will trigger false positives whenever software is upgraded/patched.
(I say "will" because very long experience with tripwire and similar
taught me this a long time ago.)
- If the server has been subverted, then this mechanism can also
be subverted.
- Linux systems are not a significant component of botnets. I've been
doing passive OS fingerprinting for most of a decade, and they're in
the noise floor. It's still true now, as it was years ago, that
bot-originated spam comes from Windows systems to about six 9's.
- Better techniques already exist, such a firewalling outbound port 25
by default and only punching holes for systems that actually need to
send mail. Another example: monitoring the TCP connection rate to
port 25 on remote systems -- spam-senders are likely to push it much
higher than "normal".
---rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg