jlewis@lewis.org wrote:
> On Sat, 14 Feb 2004, Tim Thorpe wrote:
>> If these exist then why are we still having problems?
>
> Because the spammers are creating proxies faster than any of the anti-spam people can find them. Evidence suggests, at least on the order of 10,000 new spam proxies are created and used every day by spackers (spammer/hackers).
>
> The relative insecurity of Windows and ignorance of the average internet user has created an incredibly target rich environment for the spackers.
>
>> Why do we let customers who have been infected flood the networks with traffic as they do? Should they not also be responsible for the security of their computers? Do we not do enough to educate?
>
> Economics, and convenience outweighing security. We're big, and slow to change. They're small and mobile.

The Internet's spam load could be easily cut by 50% or more. All it would take is the cooperation of most major ISPs and academic institutions.

As this discussion thread has indicated, most spam originates from systems infected with spamiruses or open proxy servers. How to shut down all such malware? Simple: Apply egress filtering ACLs to all border routers to prohibit outgoing port 25 connections from DHCP addresses. We find that at least 85% of all spam originates from DHCP addresses. Thus, if a significant number of ISPs would perform port 25 egress filtering, I believe that it would significantly reduce spam, and force criminal spammers to develop completely new spamming technologies.

If ISPs were to go further, and require their customers with static IPs to perform port 25 egress filtering, blocking such connections from all systems except for the customer's legitimate MTA, we could virtually eliminate spam originating from hijacked systems.

OK, I can hear the objections now... ACLs slow down our routers and thus reduce through-put. Well, that may be true in the purest sense of the argument, but can you demonstrate that a few ACLs will have a SIGNIFICANT impact on through-put? I would be willing to bet that any through-put reduction caused by ACLs, in the long run, would be more than compensated for by the corresponding reduction in spam traffic passing through the router. Also, if filtering was to occur at the point closest to the source, rather than at an aggregation point, the impact of any ACLs would be distributed across the network in such a manner as to probably have no observable impact on network through-put.

(If anyone has any hard statistics on ACL impact on network through-put, I would sure like to see those studies!)

Just my $0.02 worth...

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
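
Added example, not part of the original message: a sketch of the port 25 egress policy proposed above (deny from DHCP pools, permit only the designated MTA from static customer blocks), rendered as Cisco IOS extended ACL lines and checked against flow records. The addresses are constructed from RFC 5737 documentation ranges, and the ACL name and function names are hypothetical.

```python
import ipaddress

# Constructed addressing (RFC 5737 documentation ranges); not from the message.
DHCP_POOLS = [ipaddress.ip_network("198.51.100.0/24")]
# Static-IP customer block -> the one legitimate MTA allowed to use port 25.
STATIC_CUSTOMERS = {ipaddress.ip_network("203.0.113.0/28"): ipaddress.ip_address("203.0.113.5")}
SMTP_PORT = 25

def egress_decision(src, dst_port):
    """Border decision for an outbound TCP connection: 'permit' or 'deny'."""
    if dst_port != SMTP_PORT:
        return "permit"
    addr = ipaddress.ip_address(src)
    if any(addr in pool for pool in DHCP_POOLS):
        return "deny"                      # dynamic addresses never send mail directly
    for block, mta in STATIC_CUSTOMERS.items():
        if addr in block:
            return "permit" if addr == mta else "deny"
    return "permit"                        # everything else is left alone

def render_acl(name="EGRESS-SMTP"):
    """The same policy as Cisco IOS extended ACL lines (first match wins)."""
    lines = [f"ip access-list extended {name}"]
    for block, mta in STATIC_CUSTOMERS.items():
        lines.append(f" permit tcp host {mta} any eq {SMTP_PORT}")
        lines.append(f" deny tcp {block.network_address} {block.hostmask} any eq {SMTP_PORT} log")
    for pool in DHCP_POOLS:
        lines.append(f" deny tcp {pool.network_address} {pool.hostmask} any eq {SMTP_PORT} log")
    lines.append(" permit ip any any")
    return lines

def blocked_sources(flows):
    """Denied port-25 attempts per source: hosts worth a customer notification."""
    counts = {}
    for src, _dst, port in flows:
        if egress_decision(src, port) == "deny":
            counts[src] = counts.get(src, 0) + 1
    return counts

# Constructed flow records: (source, destination, destination TCP port).
SAMPLE_FLOWS = [
    ("198.51.100.23", "192.0.2.10", 25), ("198.51.100.23", "192.0.2.77", 25),
    ("198.51.100.40", "192.0.2.10", 80), ("203.0.113.5", "192.0.2.10", 25),
    ("203.0.113.9", "192.0.2.10", 25),
]

if __name__ == "__main__":
    print("\n".join(render_acl()))
    print(blocked_sources(SAMPLE_FLOWS))
```

The `log` keyword on the deny entries is what turns the filter into a source of notification data: the per-source counts identify customer machines that are attempting direct SMTP delivery.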