Re: [exim] Report of new spam technique

Author: Richard Clayton
Date:  
To: exim
Subject: Re: [exim] Report of new spam technique
In message <jbm.20050205135424.182e6314@User21>, Edgar Lovecraft <exim-list@???> writes

>ISPs just need
>at the very least, to move from IP based relaying to authenticated relay,
>or authenticated relay only from their IP ranges, etc. Add that to
>restricting the client IP ranges connecting on TCP 25 outside the ISP
>network, and we can 'correct' most of the zombie machine behavior.


the zombies will either "sniff" the input of authentication credentials
or will request the user (who was, remember, dumb enough to allow them
to be installed in the first place) to input them specially :(

alternatively -- as is currently the case -- the bad guys will just
spend their time brute-force guessing to obtain the necessary passwords.
This has been a commonplace by one particular spam gang for 16 months or
more -- and there's no sign of them running out of targets :(

Hence the emphasis on real-time detection/prevention of abnormal traffic
patterns and the requests for features to simplify this :)

>I believe that come a few years from now, there very well could be some
>ISPs that choose to run 'open' systems and networks that get entirely
>blacklisted just because they refuse to help clean up the erroneous
>traffic.


blacklisting of networks is already commonplace :( and ISPs already
significantly improve their chances of keeping connectivity by being
seen to be active and effective in how they deal with abuse reports.

-- 
richard                                              Richard Clayton


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin
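
An added example, not part of the original message or of Exim itself: flagging password-guessing sources and accounts with abnormal sending volume, the two patterns the reply says authenticated relay alone does not stop. The log lines are constructed in the general shape of Exim main-log entries; the thresholds, window and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shapes: failed SMTP AUTH, and a message accepted from an
# authenticated client ("A=<authenticator>:<id>").
AUTH_FAIL = re.compile(r"authenticator failed for .*\[(?P<ip>[0-9a-fA-F.:]+)\]")
ACCEPTED = re.compile(r" <= \S+ .*\bA=\w+:(?P<user>\S+)")

def detect(lines, window=timedelta(minutes=10), max_fail=5, max_msgs=20):
    """Return (ips, users): source IPs with more than max_fail auth failures,
    and accounts with more than max_msgs accepted messages, in any window."""
    fails, sends = defaultdict(deque), defaultdict(deque)
    bad_ips, bad_users = set(), set()

    def bump(table, key, ts, limit, flagged):
        q = table[key]
        q.append(ts)
        while ts - q[0] > window:      # drop events older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(key)

    for line in lines:
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        m = AUTH_FAIL.search(line)
        if m:
            bump(fails, m["ip"], ts, max_fail, bad_ips)
            continue
        m = ACCEPTED.search(line)
        if m:
            bump(sends, m["user"], ts, max_msgs, bad_users)
    return bad_ips, bad_users

def sample_log():
    """Constructed log lines, not taken from a real server."""
    t0 = datetime(2005, 2, 5, 14, 0, 0)
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%Y-%m-%d %H:%M:%S")
    fail = "{} plain_login authenticator failed for (pc) [{}]: 535 Incorrect authentication data"
    acc = "{} 1CxYz1-0001Ab-2C <= {}@example.net H=(pc) [192.0.2.44] P=esmtpa A=plain_login:{} S=2048"
    log = [fail.format(stamp(15 * i), "192.0.2.10") for i in range(8)]        # guessing burst
    log += [fail.format(stamp(3600 * i), "198.51.100.7") for i in range(2)]   # occasional typo
    log += [acc.format(stamp(1200 * i), "alice", "alice") for i in range(3)]  # normal user
    log += [acc.format(stamp(10 * i), "bob", "bob") for i in range(30)]       # abnormal volume
    return log

if __name__ == "__main__":
    print(detect(sample_log()))
```

Counting accepted messages per authenticated identity rather than per IP means a stolen or guessed credential is still flagged when it is used from many different addresses.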