Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

Suresh Ramasubramanian ops.lists at gmail.com
Mon Jun 18 16:34:56 UTC 2007

On 6/18/07, Jack Bates <jbates at brightok.net> wrote:

> Joe also pointed out the biggest problem with blocking port 25; it pushes the
> abuse towards the smarthosts. This creates a lot of issues. Smarthosts have to

So .. great. You have a huge spam problem that flew under your radar
as it was spread across multiple /24s or far larger netblocks, now
concentrated within far fewer servers that are part of the same
cluster. That kind of makes your job a bit easier then .. half-full
glass vs. half-empty glass, and all that.

> I'd rather monitor and filter traffic patterns on port 25 (and the various other
> ports that are also often spewing other things) than block it. It's not unusual
> to see tcp/25 spewing at the same time as udp/135 and tcp/445 or even tcp/1025.


Which is what a lot of the kit Sean posted about does ..
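
The traffic-pattern monitoring described in the quoted message, as an added example that is not part of the original post: it flags sources that fan out on tcp/25 while also sending to udp/135, tcp/445 or tcp/1025 in the same time window. The flow-record layout, the window and threshold values, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Ports the quoted message names as often active alongside tcp/25.
COMPANION_PORTS = {("udp", 135), ("tcp", 445), ("tcp", 1025)}

# Constructed sample flow records: (epoch_seconds, src, dst, proto, dst_port).
SAMPLE_FLOWS = (
    # Suspect host: SMTP to many destinations plus SMB/RPC traffic.
    [(1000 + i, "10.0.0.5", f"198.51.100.{i}", "tcp", 25) for i in range(1, 9)]
    + [(1003, "10.0.0.5", "10.0.0.77", "tcp", 445),
       (1004, "10.0.0.5", "10.0.0.78", "udp", 135)]
    # A mail server: lots of SMTP, none of the companion ports.
    + [(1000 + i, "10.0.0.9", f"203.0.113.{i}", "tcp", 25) for i in range(1, 9)]
    # A desktop: one SMTP connection to its smarthost, a little SMB.
    + [(1010, "10.0.0.12", "10.0.0.2", "tcp", 25),
       (1011, "10.0.0.12", "10.0.0.3", "tcp", 445)]
)

def flag_hosts(flows, window=300, min_smtp_dsts=5):
    """Return {src: sorted companion ports} for sources that, within one
    fixed time bucket, reach >= min_smtp_dsts distinct hosts on tcp/25
    and also send to at least one companion port.

    Fixed buckets are a simplification: activity straddling a bucket
    boundary is counted separately on each side.
    """
    smtp = defaultdict(set)       # (src, bucket) -> distinct tcp/25 destinations
    companion = defaultdict(set)  # (src, bucket) -> companion ports seen
    for ts, src, dst, proto, dport in flows:
        key = (src, ts // window)
        if (proto, dport) == ("tcp", 25):
            smtp[key].add(dst)
        elif (proto, dport) in COMPANION_PORTS:
            companion[key].add(f"{proto}/{dport}")
    flagged = defaultdict(set)
    for key, dsts in smtp.items():
        # .get() avoids creating empty entries in the defaultdict.
        if len(dsts) >= min_smtp_dsts and companion.get(key):
            flagged[key[0]] |= companion[key]
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    for src, ports in flag_hosts(SAMPLE_FLOWS).items():
        print(f"{src}: tcp/25 fan-out with {', '.join(ports)}")
```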

