Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

Suresh Ramasubramanian ops.lists at gmail.com
Tue Jun 19 15:35:33 UTC 2007


On 6/19/07, Leigh Porter <leigh.porter at ukbroadband.com> wrote:
> Agreed, SMTP is not really a special vector, other than its obvious
> commercial spam use. So just block all the usual virus vector ports,
> block 25 and force people to use your own SMTP servers and the problem
> (this particular one) goes away..

No. The part of it you target (outbound spam) merely relocates itself,
and your SMTP servers become huge spam sinks.  Filter all you want and
you'll still leak spam unless you take those hosts down.

And in the meantime those hosts will also be launching DoS attacks,
hosting "fast flux" pills / warez / kiddy pr0n sites, carrying out ID
/ card theft .. best to isolate and take them down.

You can port block at your edge till you burst and you'll still be in
a lot of hot water.

-- 
Suresh Ramasubramanian (ops.lists at gmail.com)
