[SpamCop-List] Re: Spammers moving away from direct-to-mx?
driehuis.fcnzpbc2005 at playbeing.com
Mon Feb 7 03:26:55 EST 2005
John E. Malmberg wrote:
> Port scans are more troublesome to do automatically. They also consume
> bandwidth, so must be throttled. It is probably likely that the time
> needed to sequentially scan all I.P. addresses for an ISP can be
> measured in weeks or months if they do not want to disrupt their network.
> And apparently the spamware keeps morphing to evade automatic scans.
The morphing isn't that bad -- it just means ISPs have to scan all
65,534 possible ports of every customer before they allow the first
activity on Port 25. That's something like 5MB of traffic per user --
this could be a profit center for ISPs that charge per megabyte! :-)
The big problem with port scanning is that some Trojan proxies are so
badly written that at the best of times, they fail 50% of requests. In
other words, scanning all 65,534 is no guarantee of finding the Trojan.
More information about the SpamCop-List