[Dshield] DShield's Public Goals

stu secmail at patchsupplier.dyndns.org
Thu Jan 5 16:39:39 GMT 2006


So my ISP will now block port 6667 to stop me from connecting to an IRC
server and the bot code gets modified to use port 6668? While users
complain IRC isn't working?

What if the Bot code uses destination port 80?

So to block the bot from sending email we need to block the customer
from accessing remote port 25? Then the bot moves its infection
mechanism to possibly IM? 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of David Cary Hart
Sent: 05 January 2006 15:55
To: DShield General Discussion List
Subject: [Dshield] DShield's Public Goals

Years ago, Johannes advocated ISP port blocking as a way to
significantly
reduce the spread of Internet viruses. He was right then; He is MORE
right now.

Hypothetically, much - if not most - of the malicious content that
spreads
around is designed to install SMTP on the host in order to relay spam
and
replication attachments. Judging from some of the patterns that I see,
it seems
that individuals are building networks of hundreds of machines that they
control through IRC.

FWIW, it just seems to me that, at every opportunity, DShield and ISC
should be
spreading the gospel of port blocking.

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
   FSS v. AHBL SLAPP Suit: http://www.TQMcube.com/ahbl.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php




More information about the list mailing list