mailing list archives
Re: Backdoor not recognized by Kaspersky
From: "orangganjil" <orangganjil () myway com>
Date: Thu, 4 Mar 2004 13:27:24 -0500 (EST)
One thing that I have not seen discussed in this thread is tarpitting spammers. This has been discussed before on
In addition, there is a neat tool for doing this in conjunction with an MTA, called Spam Cannibal:
I run a spam tarpit using an e-mail address that should never receive legitimate communications. The MX record for that
e-mail address points to a tarpited IP with 25/TCP open. When remote mail servers (or zombied DSL/Cable users) connect
to that tarpit their connection is held and their IP is logged. I have a Perl script that parses the logs and e-mails
me a diff of the top 50 offenders. Those folks end up being blocked by my firewall from accessing SMTP on my mail
server. If they are a home user, they can still access my web pages, etc. This goes a long way to decreasing the spam I
receive, and in addition, my tarpit holds or slows their connection - making it less likely they will move on to the
next spam recipient.
Test have been done verifying that, in most cases, spam software freezes, hangs, or crashes when tarpitted - forcing
manual intervention. There are potential ways around this without breaking TCP (if you ignore window size changes you
are breaking TCP), but all of the work-arounds require manual intervention or slow down the rate of spam and consume
bandwidth. All of these, even if the software doesn't crash or hang, increase the cost of spamming. Making spam
unprofitable is the only way to combat it, IMHO.
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
Full-Disclosure - We believe in it.
RE: Backdoor not recognized by Kaspersky Thor Larholm (Mar 04)
RE: Backdoor not recognized by Kaspersky Schmehl, Paul L (Mar 04)
Re: Backdoor not recognized by Kaspersky orangganjil (Mar 04)
RE: Backdoor not recognized by Kaspersky Ian Latter (Mar 05)