Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

Jack Bates jbates at brightok.net
Tue Jun 19 14:03:29 UTC 2007

James Hess wrote:
> Preventing hosts from just SMTP'ing out just anywhere they like creates
> a new hurdle for any infection to get over to spread; now any malware
> suddenly needs to figure out an SMTP server to use, and a username and
> password to use with SMTP authentication, and any other restrictions
> imposed by the ISP outgoing MTA.

This sounds great, except it doesn't scale. My router says there is no 
noticeable difference between tcp/25 and tcp/445, or udp/134 or udp/1434 or 
tcp/1025, or tcp/80. It asked if we should just block all ports and force people 
through proxy servers. Why mitigate one vector when you can take them all out? 
What makes SMTP so special a vector?

Yes, my router speaks. Yours doesn't?
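An added example, not part of the thread above: whichever side of the "is tcp/25 special" argument one takes, an ISP that drops outbound connections at the edge still needs a way to turn the resulting firewall log into a quarantine list. The script below is illustrative code written for this page, not anything from the posters or their networks. It parses constructed iptables-style LOG lines (the field names SRC/DST/PROTO/DPT are what the iptables LOG target emits; the "EGRESS-DROP" prefix and the relay address 198.51.100.25 are assumptions) and flags any host that has tried to reach many distinct destinations on a blocked port. Legitimate clients talk to one relay; a spam bot fans out to many MTAs, so destination fan-out rather than raw hit count is the signal. The port is a parameter, so the same logic covers tcp/445 or any other port the edge filters, which is the generalization the reply above is asking for.

```python
import re
from collections import defaultdict

# Key=value fields written by the iptables LOG target (also seen in ulogd output),
# e.g. "SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=51234 DPT=25".
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Hypothetical ISP submission relay: customers are expected to send mail here,
# so attempts against it are not counted as evidence of infection.
ISP_RELAY = "198.51.100.25"

# Constructed sample log lines (not real traffic): one host fanning out on
# tcp/25, one legitimate client, one host fanning out on tcp/445.
SAMPLE_LOG = """\
Jun 19 14:00:01 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=51234 DPT=25
Jun 19 14:00:02 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.8 PROTO=TCP SPT=51235 DPT=25
Jun 19 14:00:02 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP SPT=51236 DPT=25
Jun 19 14:00:03 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=51237 DPT=25
Jun 19 14:00:04 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.11 PROTO=TCP SPT=51238 DPT=25
Jun 19 14:00:05 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=198.51.100.25 PROTO=TCP SPT=40001 DPT=25
Jun 19 14:00:06 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=203.0.113.7 PROTO=TCP SPT=40002 DPT=25
Jun 19 14:00:07 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=192.0.2.1 PROTO=TCP SPT=3333 DPT=445
Jun 19 14:00:07 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=192.0.2.2 PROTO=TCP SPT=3334 DPT=445
Jun 19 14:00:08 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=192.0.2.3 PROTO=TCP SPT=3335 DPT=445
Jun 19 14:00:08 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=192.0.2.4 PROTO=TCP SPT=3336 DPT=445
Jun 19 14:00:09 edge kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=192.0.2.5 PROTO=TCP SPT=3337 DPT=445
"""


def parse_line(line):
    """Return the SRC/DST/PROTO/DPT fields of one drop record, or None for anything else."""
    if "EGRESS-DROP" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if not all(k in fields for k in ("SRC", "DST", "PROTO", "DPT")):
        return None
    fields["DPT"] = int(fields["DPT"])
    return fields


def quarantine_candidates(log_text, port, threshold, exempt_dsts=frozenset()):
    """Return {source: distinct_destination_count} for sources that attempted
    TCP connections to at least `threshold` distinct destinations on `port`.
    Destinations in `exempt_dsts` (e.g. the ISP's own relay) are ignored."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["PROTO"] != "TCP" or rec["DPT"] != port:
            continue
        if rec["DST"] in exempt_dsts:
            continue
        fanout[rec["SRC"]].add(rec["DST"])
    return {src: len(dsts) for src, dsts in fanout.items() if len(dsts) >= threshold}


def report(log_text, ports, threshold, exempt_dsts=frozenset()):
    """Run the fan-out check for every filtered port and collect the results per port."""
    return {p: quarantine_candidates(log_text, p, threshold, exempt_dsts) for p in ports}


if __name__ == "__main__":
    for port, hosts in report(SAMPLE_LOG, [25, 445], 5, {ISP_RELAY}).items():
        for src, count in hosts.items():
            print(f"tcp/{port}: {src} reached {count} distinct hosts, quarantine candidate")
```

The threshold and the exempt list are policy knobs: a mail client that retries the ISP relay a hundred times never accumulates fan-out, while a bot that tries five different MX hosts in a few seconds does. In production the counting would be bounded by a time window (for example, per hour) rather than run over the whole file, and the output would feed whatever mechanism moves the customer into a walled-garden VLAN or notifies them.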
