Drew Weaver spake the following on 2/15/2007 8:27 AM: > I find it kind of odd that noone has come up with a 'RBL' for bots... > > ISPs could easily receive routes via BGP from "some trusted source" that > has NULL routes for all of the 'infected' hosts which are attacking > people.. > > A few dozen honeypots and you would quickly have a large list of > infected hosts in which to ignore entirely. ISP's are in the market to sell bandwidth. And bots use bandwidth. Even if an ISP would just police it's own address space it would help. At home I have roadrunner, and they have no problem blocking "incoming" port 25 and port 80 traffic, but have no problem letting a connection blast away at everybody outgoing. So I can't have a simple webserver, but I can have a spamming operation. Go figure! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!