ts wrote:

>>>>>>"D" == David Ross <dross / code-exec.net> writes:
>>>>>>            
>>>>>>
>
>D> Yes, it will  part of a solution,
>
> Associate it with another test (captcha, or what you want)
>
> * positive response from a majority of RBL, the user need to pass a test
>   (captcha, ..)
>
> * otherwise he is accepted
>
>D> the other part is having something scan the host for known 
>D> ports.
>
> This is not the purpose of xbl.spamhaus.org (exploits block list) to
> detect such hosts ?
>
>
>Guy Decoux
>
>
>
>  
>
oops, I mean real-time scanning like Freenode networks. Sure, the lists 
have some open relays, etc. Computers are infected all the time, so its 
up to a scanning to see who is infected. There are HTTP1.1 proxies which 
use CONNECT, SOCKS4/5 servers, other types of servers which are 
constructed for use in attacks. Hell, some people attack using over 50 
hops(computers one after another connecting to the next just to attack). 
For Freenode to block some "kiddies" I had to help freenode with the 
current ports they were scanning and  sent over a list of (elite) ports 
because somene accessed the list and wanted to act stupid so they 
decided to launch bot attacks. It was interersting how many attacks 
there are now since I gave them a list. Of course there are still the 
ocasion irc-trojan attacks which are not commanded by port 
communication, but a virus infects a computer to get information off a 
designated IRC server. Join the channel, and the master of a botnet 
attacks. Unless someone actually wants to be that stupid to attack a 
wiki, which is less likely. <finish for now, time ended for tea>

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/