[Dshield] DShield's Public Goals
secmail at patchsupplier.dyndns.org
Thu Jan 5 16:39:39 GMT 2006
So my ISP will now block port 6667 to stop me from connecting to an IRC
server and the bot code gets modified to use port 6668? While users
complain IRC isn't working?
What if the Bot code uses destination port 80?
So to block the bot from sending email we need to block the customer
from accessing remote port 25? Then the bot moves its infection
mechanism to possibly IM?
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of David Cary Hart
Sent: 05 January 2006 15:55
To: DShield General Discussion List
Subject: [Dshield] DShield's Public Goals
Years ago, Johannes advocated ISP port blocking as a way to
reduce the spread of Internet viruses. He was right then; He is MORE
Hypothetically, much - if not most - of the malicious content that
around is designed to install SMTP on the host in order to relay spam
replication attachments. Judging from some of the patterns that I see,
that individuals are building networks of hundreds of machines that they
control through IRC.
FWIW, it just seems to me that, at every opportunity, DShield and ISC
spreading the gospel of port blocking.
Our DNSRBL -
Eliminate Spam: http://www.TQMcube.com/spam_trap.php
FSS v. AHBL SLAPP Suit: http://www.TQMcube.com/ahbl.php
Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
Zombie Graphs: http://www.TQMcube.com/zombies.php
More information about the list