Hello Kristian,

KK> My point was that there is no mechanism to propagate your
KK> findings back to the source, either to the owners of these
KK> machines or any of their upstream providers.

When I first spotted the problem IPs, I sent emails to the abuse departments at the various ISPs alerting them to the fact that I believed that there was a Sobig-infected computer. Most of these were DSL or cable modem IDs - I figured it would be an easy matter for the ISP to monitor usage, see the problem, and simply shut down the problem IPs. But that didn't seem to happen, and I never got a return email from any abuse department other than an autoresponse, so I gave up the effort.

So I can see that there is no mechanism -- but there could be - it's simply a matter of reporting. Actually, existing open relay databases could be adjusted to also allow reporting of apparent Sobig/infected IPs -- so you would end up with a Sobig-RBL that you could use as you saw fit.

KK> There is no way to
KK> shut such machines off at the source in order to protect the
KK> remaining network and to give the machines' owners opportunity
KK> to correct the misbehaviour of their machinery.

Well, there is a way if the ISP wants it. I mean, as noted above, I reported the IP numbers to the abuse department - the ISPs obviously can shut down any IP they want.

KK> If the Internet was a properly built infrastructure with
KK> self-protection and self-service mechanisms as an integral part
KK> of it, it would have mechanism to detect detrimental behaviour
KK> and react accordingly. It does not, and that's what Sobig.F
KK> illustrated.

You are right, but that is just because the ISPs have been remiss in developing appropriate protections. I mean, MOST of the problems I saw were associated with major cable or DSL providers -- so if the major ISPs simply worked together to develop software to react appropriately to suspicious usage patterns, it would go a long way to solving the problem. It may not exist yet, but I think it is very feasible technology.

Put it this way: one day I used a credit card with a major bank that I hadn't used in a while and ran up a couple of large charges.
That night I received a call from the fraud division of the company to verify the charges. They could do that because they have a computer system in place that alerts them to suspicious or unusual patterns, and staff employed to take appropriate action. Why can't the ISP provider be doing the same thing? They really should be doing it to catch spamming & relay problems as well.

-Abigail