[Dshield] Spamhouse now listing exploited IPs in new blocklist
tonye at billy.demon.nl
Thu Jan 15 09:36:01 GMT 2004
ons, 14.01.2004 kl. 21.14 skrev Brad Spencer:
> Look at proxy port abuse as an example, and look only at port 1080 as a
> subset of that. If ISPs would watch outgoing and incoming traffic directed
> to port 1080 the ISPs would see a great deal of suspicious activity. They
> could then do a simple follow-through on that (for traffic from their own
> space) or report the traffic to the ISP of the source IP (for incoming
> traffic.) That ISP could then watch the source. When the conclusion is
> reached that the IP is a source of spam then the ISP could terminate all
> service for that customer.
I realize I shouldn't pick and choose points, but just on the above ...
so that US citizens understand, there is a general European (including
the UK and Holland, Germany and other counties) attitude to privacy
protection, apart from where a national security agency has given an ISP
a written directive to monitor traffic from a given CIDR.
I've raised your point earlier with my own, large, Dutch, ISP (IMHO a
particularly good one) and it was laughed out by a particularly
knowledgeable admin as untenable under the privacy laws. What the ISP
does do, and what other ISPs could do, is egress monitoring of
CIDR/syn-packet rates through border routers. Reckons that's pretty
effective in knocking off both witting and unwitting spammers within his
network. Obviously the ISP has to want this, and implement a strict
anti-spam policy in the first place.
The result of the above, is that I and all others are given "freedom
under responsibility" and can run our own mailservers or anything else
we like, which is why I willingly pay him my €16 per month for his
mail: billy - at - billy.demon.nl
More information about the list