nanog mailing list archives
Re: botted hosts
From: Dean Anderson <dean () av8 com>
Date: Tue, 5 Apr 2005 18:55:40 -0400 (EDT)
On Tue, 5 Apr 2005, Tony Finch wrote:
On Mon, 4 Apr 2005, Dean Anderson wrote:Err, not likely. SPF came out, and now bots can find the ISPs "closed relays" with very little trouble at all.AFAIK bots use the MX of a parent domain of the infected machine's hostname to find an outgoing relay, not SPF. This is based on an incident I dealt with in September, and the Spamhaus article http://www.spamhaus.org/news.lasso?article=158 Fortunately it isn't too hard to lock down MXs to incoming only.
Yes. Many ISPs have MXs incoming only for reasons besides spam. But SPF identifies _outgoing_ mailservers. Just what a bot needs. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
Current thread:
- Re: botted hosts, (continued)
- Re: botted hosts Christopher L. Morrow (Apr 04)
- Re: botted hosts Valdis . Kletnieks (Apr 04)
- Re: botted hosts Dean Anderson (Apr 05)
- Re: botted hosts Sam Hayes Merritt, III (Apr 04)
- Re: botted hosts Simon Waters (Apr 05)
- Re: botted hosts Dean Anderson (Apr 05)
- Re: botted hosts Tony Finch (Apr 05)
- Re: botted hosts Suresh Ramasubramanian (Apr 05)
- Re: botted hosts Tony Finch (Apr 05)
- Re: botted hosts Suresh Ramasubramanian (Apr 05)
- Re: botted hosts Dean Anderson (Apr 05)
- Re: botted hosts Florian Weimer (Apr 04)