Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
jbates at brightok.net
Tue Jun 19 14:03:29 UTC 2007
James Hess wrote:
> Preventing hosts from just SMTP'ing out just anywhere they like creates
> a new hurdle for any infection to get over to spread; now any malware
> suddenly needs to figure out a SMTP server to use, and a username and
> password to use with SMTP and any other restrictions imposed by the ISP
> outgoing MTA.
This sounds great, except it doesn't scale. My router says there is no
noticeable difference between tcp/25 and tcp/445, or udp/134 or udp/1434 or
tcp/1025, or tcp/80. It asked if we should just block all ports and force people
through proxy servers. Why mitigate one vector when you can take them all out?
What makes SMTP so special a vector?
Yes, my router speaks. Yours doesn't?