[SpamCop-List] Re: Comcast considers "clever" anti-spam idea

[Rolf]

eddie wrote:

> No PODs, but I "consider" any stealth, non-destructive probe a legitimate
> "test" to verify if that IP is indeed the one sending me email using
> forged headers. There are lots of network "tests" that are available on my
> LInux boxes that are probably not even detectable by most zombies. If I do
> ping, it's never bigger than 65500 bytes, just below the maximum legal
> "dose" AFAIK. I am more curious what these zombies are doing.
> Without getting too specific, many have kazaa installed.

Well, it would seem legal to me to try to open a connection with the 
well known port numbers of those applications. Maybe you could even send 
them a query info package or something like that if you are pretty sure 
about the application listening on that port. If you guess wrong and the 
application crashes that would be more of "bad luck" respectively badly 
written software on the application part than an illegal attempt to do a 
DOS attack IMO.
Of course if they are sitting behind firewalls it gets difficult but 
then I think they would also be difficult to contact by the hackers 
unless they actively call home to open connections to outside sites but 
that has a high risk of detectable activity if they keep connections to 
remote sites open for a long time.

Rolf Kalbermatter