[unisog] Any Canadian Universities on here ?

Pete Hickey pete at shadows.uottawa.ca
Fri May 6 01:33:33 GMT 2005


On Thu, May 05, 2005 at 06:00:55PM -0400, Daniel Feenberg wrote:

> > It is much more important to block incoming ports to all but authorized 
> > machines (cut off the control connection to the spam-bots).
> > 
> 
> The spambots don't "phone home" for instructions? We block all incoming
> connections to all our PCs - does that protect them from becoming
> spam-bots? I'd like to feel that was true, but I understood it was weak
> protection. Maybe I misunderstand.

All of the ones I have found did NOT phone home.  They were listening
on a port and receiving connections.  They start with one IP address
connecting to them, and within a few hours, there are 20 connecting,
within a few more hours another 20...  They've never gone beyond
more than 12 hours.

To further confirm my suspicions, in my residences, I block all inbound
TCP connections.  I have never had one of my residence machines sending
spam.... oh let me correct that.  Several years ago, some kid convinced me
that some IRC site wouldn't work without AUTH being open on his
machine.  I opened it.  Wouldn't you know that some spammer figured
this out (not hard, but he did the work) and came in port 113 to
relay spam.

Not to say that none phone home, but just in my experience they
don't.


-- 
Pete Hickey                                       /~\  The ASCII
The University of Ottawa                          \ /  Ribbon Campaign
Ottawa, Ontario                                    X   Against HTML
Canada                                            / \  Email!
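
The pattern described in the message above (one remote address connecting to a listening port, then about 20, then 20 more a few hours later) can be looked for in inbound flow records. The following is an added example, not part of the original post; the record format, the address ranges (documentation prefixes), the 3-hour window and the threshold of 20 sources are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed campus range (documentation prefix)
WINDOW = timedelta(hours=3)                      # assumed bucket size

def fanin_by_window(flows):
    """Map (internal host, port) -> {window index: set of remote sources}."""
    start = min(ts for ts, *_ in flows)
    table = defaultdict(lambda: defaultdict(set))
    for ts, src, dst, dport in flows:
        # Only inbound connections: remote source, internal destination.
        if ipaddress.ip_address(dst) in INTERNAL and ipaddress.ip_address(src) not in INTERNAL:
            table[(dst, dport)][(ts - start) // WINDOW].add(src)
    return table

def growing_listeners(flows, min_sources=20):
    """Return listeners whose distinct-source count rises window over window."""
    hits = []
    for key, windows in fanin_by_window(flows).items():
        counts = [len(windows[w]) for w in sorted(windows)]
        rising = len(counts) >= 2 and all(a < b for a, b in zip(counts, counts[1:]))
        if rising and counts[-1] >= min_sources:
            hits.append((key, counts))
    return hits

def sample_flows():
    """Constructed records: (timestamp, src, dst, dst_port) for accepted inbound TCP."""
    t0 = datetime(2005, 5, 5, 12, 0)
    flows = [(t0, "198.51.100.1", "192.0.2.10", 113)]
    flows += [(t0 + timedelta(hours=4), f"198.51.100.{i}", "192.0.2.10", 113) for i in range(1, 21)]
    flows += [(t0 + timedelta(hours=7), f"203.0.113.{i}", "192.0.2.10", 113) for i in range(1, 41)]
    # A steady server: the same three clients in every window, should not be flagged.
    for h in (0, 4, 7):
        flows += [(t0 + timedelta(hours=h), f"198.51.100.{i}", "192.0.2.20", 80) for i in (50, 51, 52)]
    return flows

if __name__ == "__main__":
    for (host, port), counts in growing_listeners(sample_flows()):
        print(f"{host}:{port} distinct remote sources per window: {counts}")
```

A host with a default-deny inbound policy should produce no records here at all, so any hit also points at a firewall exception worth reviewing.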

