Wired mag article on spammers playing traceroute games with trojaned boxes

I mentioned before that it doesn't really make much sense with web
hosting because the port can easily be changed so it's not very effective

at all.

Stop thinking of policing the user and start
thinking of providing a security service. The
default setting of the security service might
include a block on port 80 inbound, but if the
user needs to enable this traffic, give them a
web form that they can use to reconfigure their

Or, if you can't handle such a variety of
individual ACLs on your equipment, give them
the option of buying a broadband router with
a recommended default config and un-blocked

If the user has to intervene in order to enable
a server type application to function, that
makes it a lot harder for trojan exploits to
take hold.

--Michael Dillon