[SpamCop-List] Re: Comcast considers "clever" anti-spam idea
user\" at domain.invalid.com>"
Wed May 26 19:42:23 EDT 2004
> No PODs, but I "consider" any stealth, non-destructive probe a legitimate
> "test" to verify if that IP is indeed the one sending me email using
> forged headers. There are lots of network "tests" that are available on my
> LInux boxes that are probably not even detectable by most zombies. If I do
> ping, it's never bigger than 65500 bytes, just below the maximum legal
> "dose" AFAIK. I am more curious what these zombies are doing.
> Without getting too specific, many have kazaa installed.
Well, it would seem legal to me to try to open a connection with the
well known port numbers of those applications. Maybe you could even send
them a query info package or something like that if you are pretty sure
about the application listening on that port. If you guess wrong and the
application crashes that would be more of "bad luck" respectively badly
written software on the application part than an illegal attempt to do a
DOS attack IMO.
Of course if they are sitting behind firewalls it gets difficult but
then I think they would also be difficult to contact by the hackers
unless they actively call home to open connections to outside sites but
that has a high risk of detectable activity if they keep connections to
remote sites open for a long time.
More information about the SpamCop-List