On Sat, 14 Feb 2004 jlewis@lewis.org wrote:
On Sat, 14 Feb 2004, Tim Thorpe wrote:
If these exist then why are we still having problems?
Because the spammers are creating proxies faster than any of the anti-spam people can find them. Evidence suggests, at least on the order of 10,000 new spam proxies are created and used every day by spackers (spammer/hackers).
Why do we let customers who have been infected flood the networks with traffic as they do? Should they not also be responsible for the security of their computers? Do we not do enough to educate? Just completely blocking access to those users seems an overly agressive
Add to that (or part of that number) is that many DSL and cable providers use DHCP to assign ip addresses for short period of time to their customers. Typically whenever system is reset a new ip would be assigned and a few of the zombie viruses being installed on the user system causes it to become unstable (especially if its trying to send email and can not and keeps retrying after the ip is on blacklist) and those users begin to reboot the computer trying to get it to work properly resulting in those computers getting new ip addresses which would again be outside of blacklist punishment (which actually caused quite a few angry users who left their dsl provider). Some providers deal with this by blocking port25 or redirecting it their own smtp server - some even do it onj their networks for all customers no matter if they got any reports or not (as preventative measure). While there are many techs who don't like this practice it does seem that this solution effectively removes the PC from being used as source of spam even if it becomes a zombie. -- William Leibzon Elan Networks william@elan.net