Stopping open proxies and open relays
Dr. Jeffrey Race
jrace at attglobal.net
Wed Feb 18 01:15:54 UTC 2004
On Fri, 6 Feb 2004 22:43:39 -0600 (CST), Adi Linden wrote:
>I am looking for ideas to stop the spam created by compromised Windows
>PC's. This is not about the various worms and viruses replicating but
>these boxes acting as open relays or open proxies.
>
>There are valid reasons not to run antivirus software, coupled with
>clueless users, this results in machines that SPAM again just a few hours
>after having been cleaned.
First step is correctly to specify the system's properties.
Yours is not a technical issue but one of user negligence. You have
to build the solution around this fact.
Curative measures that have worked elsewhere are:
1-Scan every client when it accesses
2-Disconnect compromised clients or route only to a warning page
allowing access only to your tech support
3-First cleanup and advice to owner of compromised machine on how to be
a good internet member is free; second costs $100; third results in
permanent discontinuance of service and refusal to accept back as
a client.
These measures will fix your problem.
Jeffrey Race
More information about the NANOG
mailing list