On Wednesday 02 August 2006 11:24, Magnus Holmgren wrote: > Otherwise, zombies can still try > to connect directly, and you'll have to rely on DUL and other blacklists to > figure out which IP addresses belong to end users.
The reason zombies are detected is that they cause performance problems. The more clever zombies do not impose much load and can run for a LONG time before triggering any suspicion. Many of the newer bots use the same routes as set up in outlook. So routing all mail thru your ISP and placing those settings in Outlook just make it easier for the zombie code to figure them out. Zombies with low activity level can send just enough mail for their spam masters to get your whole ISP black listed. (Happened to my ISP). Forcing all smtp thru ISPs is not going to slow down the bot nets much. These guys aren't stupid. -- _____________________________________ John Andersen
pgpODDrc0KZiO.pgp
Description: PGP signature
