Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

• Previous message (by thread): Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
• Next message (by thread): Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/18/07, Jack Bates <jbates at brightok.net> wrote:

> Joe also pointed out the biggest problem with blocking port 25; it pushes the
> abuse towards the smarthosts. This creates a lot of issues. Smarthosts have to

So .. great. You have a huge spam problem that flew under your radar
as it was spread across multiple /24s or far larger netblocks, now
concentrated within far fewer servers that are part of the same
cluster.  That kind of makes your job a bit easier then .. half full
glass v/s half empty glass, and all that.

> I'd rather monitor and filter traffic patterns on port 25 (and the various other
> ports that are also often spewing other things) than block it. It's not unusual
> to see tcp/25 spewing at the same time as udp/135 and tcp/445 or even tcp/1025.

[...]

Which is what a lot of the kit Sean posted about does ..

srs
-- 
Suresh Ramasubramanian (ops.lists at gmail.com)

• Previous message (by thread): Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
• Next message (by thread): Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]