Educause Security Discussion mailing list archives

Re: the importance of security


From: Scott Weeks <sweeks () SANDIEGO EDU>
Date: Thu, 12 Aug 2004 00:25:30 -0700

On Wed, 11 Aug 2004, Jon Mitchiner wrote:

:  I am not comfortable with the idea of port 25 blocking.  The reason is
:  because how will you know if a machine is infected or not?  If you block

It's easy.  See the router log output at the bottom of this email.


:  outgoing port 25 then it's going to make it difficult for you to know
:  whether a machine is infected with a trojan/virus/etc and you would have
:  compromised machines on your network.  I like to be aware about

Doesn't matter which one.  If it affects the other netizens, shut 'em
down. (at times I've been called "shut 'em down scott" :)  One person
should not be allowed to adversely affect hundreds of others' daily
productivity.  Forensics can happen offline at a later time.

scott

Just a sample of:
                  [server]$ wc -l spam-machine.txt
                     4415 spam-machine.txt

Don't worry, they were all denied.  :-)

Not sort'd nor uniq'd (*nix stuff), just a sample...

Aug  9 02:32:38 10.10.102.140(3876) -> 65.54.190.179(smtp),
Aug  9 02:32:39 10.10.102.140(3884) -> 216.144.69.88(smtp),
Aug  9 02:32:42 10.10.102.140(3901) -> 209.240.204.25(smtp),
Aug  9 02:32:45 10.10.102.140(3916) -> 12.41.194.130(smtp),
Aug  9 02:32:49 10.10.102.140(3935) -> 206.171.109.31(smtp),
Aug  9 02:32:49 10.10.102.140(3937) -> 64.12.138.120(smtp),
Aug  9 02:32:50 10.10.102.140(3943) -> 204.127.202.26(smtp),
Aug  9 02:32:50 10.10.102.140(3945) -> 209.132.219.21(smtp),
Aug  9 02:32:51 10.10.102.140(3954) -> 152.121.180.2(smtp),
Aug  9 02:32:53 10.10.102.140(3962) -> 63.236.75.217(smtp),
Aug  9 02:32:54 10.10.102.140(3967) -> 209.132.219.21(smtp),
Aug  9 02:32:56 10.10.102.140(3979) -> 66.192.54.254(smtp),
Aug  9 02:32:59 10.10.102.140(3993) -> 209.226.175.85(smtp),
Aug  9 02:33:00 10.10.102.140(4000) -> 216.144.69.88(smtp),
Aug  9 02:33:03 10.10.102.140(4013) -> 69.90.134.10(smtp),
Aug  9 02:33:04 10.10.102.140(4020) -> 66.77.209.38(smtp),
Aug  9 02:33:10 10.10.102.140(4056) -> 65.202.67.41(smtp),
Aug  9 02:33:11 10.10.102.140(4062) -> 216.144.69.88(smtp),
Aug  9 02:33:12 10.10.102.140(4065) -> 207.30.173.140(smtp),
Aug  9 02:33:18 10.10.102.140(4091) -> 204.127.198.6(smtp),
Aug  9 02:33:19 10.10.102.140(4095) -> 66.210.246.142(smtp),
Aug  9 02:33:20 10.10.102.140(4097) -> 12.18.21.162(smtp),
Aug  9 02:33:23 10.10.102.140(4100) -> 209.11.136.82(smtp),
Aug  9 02:33:25 10.10.102.140(4105) -> 207.250.236.70(smtp),
Aug  9 02:33:32 10.10.102.140(4119) -> 207.82.251.99(smtp),
Aug  9 02:33:33 10.10.102.140(4121) -> 64.4.50.99(smtp),
Aug  9 02:33:34 10.10.102.140(4124) -> 64.136.28.83(smtp),
Aug  9 02:33:41 10.10.102.140(4135) -> 216.144.69.88(smtp),
Aug  9 02:33:43 10.10.102.140(4136) -> 64.12.137.121(smtp),
Aug  9 02:33:44 10.10.102.140(4137) -> 66.210.246.142(smtp),
Aug  9 02:33:49 10.10.102.140(4143) -> 64.12.137.121(smtp),
Aug  9 02:34:04 10.10.102.140(4172) -> 216.127.146.11(smtp),
Aug  9 02:34:07 10.10.102.140(4176) -> 216.102.18.7(smtp),
Aug  9 02:34:12 10.10.102.140(4182) -> 64.12.138.57(smtp),
Aug  9 02:34:13 10.10.102.140(4183) -> 207.115.57.16(smtp),
Aug  9 02:34:13 10.10.102.140(4185) -> 199.170.56.4(smtp),
Aug  9 02:34:15 10.10.102.140(4188) -> 64.12.138.120(smtp),
Aug  9 02:34:17 10.10.102.140(4193) -> 207.217.125.25(smtp),
Aug  9 02:34:22 10.10.102.140(4197) -> 64.12.138.152(smtp),
Aug  9 02:34:22 10.10.102.140(4199) -> 64.12.138.57(smtp),
Aug  9 02:34:23 10.10.102.140(4200) -> 207.115.57.15(smtp),
Aug  9 02:34:25 10.10.102.140(4201) -> 64.89.160.66(smtp),
Aug  9 02:34:27 10.10.102.140(4203) -> 216.144.69.88(smtp),
Aug  9 02:34:28 10.10.102.140(4207) -> 64.73.228.130(smtp),
Aug  9 02:34:31 10.10.102.140(4208) -> 64.12.137.121(smtp),
Aug  9 02:34:34 10.10.102.140(4213) -> 198.185.2.92(smtp),
Aug  9 02:34:35 10.10.102.140(4216) -> 151.203.208.98(smtp),
Aug  9 02:34:36 10.10.102.140(4218) -> 205.158.62.181(smtp),
Aug  9 02:34:37 10.10.102.140(4223) -> 130.94.6.239(smtp),
Aug  9 02:34:43 10.10.102.140(4228) -> 64.12.138.57(smtp),
Aug  9 02:34:44 10.10.102.140(4230) -> 66.210.246.142(smtp),
Aug  9 02:34:48 10.10.102.140(4233) -> 64.12.138.152(smtp),
Aug  9 02:34:49 10.10.102.140(4235) -> 207.115.63.75(smtp),
Aug  9 02:34:53 10.10.102.140(4237) -> 130.94.6.239(smtp),
Aug  9 02:35:00 10.10.102.140(4251) -> 64.12.137.121(smtp),
Aug  9 02:35:03 10.10.102.140(4252) -> 64.12.138.120(smtp),
Aug  9 02:35:03 10.10.102.140(4254) -> 207.217.125.24(smtp),
Aug  9 02:35:05 10.10.102.140(4256) -> 130.94.6.239(smtp),
Aug  9 02:35:05 10.10.102.140(4258) -> 216.148.227.126(smtp),
Aug  9 02:35:07 10.10.102.140(4261) -> 205.183.255.171(smtp),
Aug  9 02:35:14 10.10.102.140(4268) -> 64.136.20.83(smtp),
Aug  9 02:35:17 10.10.102.140(4272) -> 66.75.160.12(smtp),
Aug  9 02:35:17 10.10.102.140(4274) -> 170.167.5.51(smtp),
Aug  9 02:35:19 10.10.102.140(4280) -> 63.240.181.100(smtp),
Aug  9 02:35:20 10.10.102.140(4281) -> 64.12.138.152(smtp),
Aug  9 02:35:25 10.10.102.140(4287) -> 63.236.75.221(smtp),
Aug  9 02:35:30 10.10.102.140(4294) -> 204.127.134.23(smtp),
Aug  9 02:35:30 10.10.102.140(4296) -> 170.167.6.20(smtp),
Aug  9 02:35:35 10.10.102.140(4298) -> 64.12.138.120(smtp),
Aug  9 02:35:37 10.10.102.140(4301) -> 64.156.215.18(smtp),
Aug  9 02:35:38 10.10.102.140(4303) -> 24.92.226.17(smtp),
Aug  9 02:35:39 10.10.102.140(4306) -> 65.54.190.50(smtp),
Aug  9 02:35:39 10.10.102.140(4308) -> 216.174.163.10(smtp),
Aug  9 02:35:40 10.10.102.140(4309) -> 204.127.202.26(smtp),
Aug  9 02:35:45 10.10.102.140(4315) -> 165.212.65.113(smtp),
Aug  9 02:35:47 10.10.102.140(4317) -> 66.75.160.12(smtp),
Aug  9 02:35:50 10.10.102.140(4322) -> 68.6.19.3(smtp),
Aug  9 02:35:56 10.10.102.140(4327) -> 66.48.78.51(smtp),
Aug  9 02:35:56 10.10.102.140(4328) -> 69.6.21.155(smtp),
Aug  9 02:35:56 10.10.102.140(4331) -> 192.195.69.151(smtp),
Aug  9 02:36:04 10.10.102.140(4344) -> 64.12.138.152(smtp),
Aug  9 02:36:07 10.10.102.140(4346) -> 63.209.156.100(smtp),
Aug  9 02:36:10 10.10.102.140(4351) -> 129.250.134.108(smtp),
Aug  9 02:36:17 10.10.102.140(4358) -> 216.170.188.130(smtp),
Aug  9 02:36:19 10.10.102.140(4361) -> 64.12.138.57(smtp),
Aug  9 02:36:20 10.10.102.140(4363) -> 67.28.114.35(smtp),
Aug  9 02:36:22 10.10.102.140(4366) -> 65.54.190.179(smtp),
Aug  9 02:36:24 10.10.102.140(4372) -> 64.12.137.121(smtp),
Aug  9 02:36:26 10.10.102.140(4375) -> 207.250.236.70(smtp),
Aug  9 02:36:28 10.10.102.140(4377) -> 64.4.50.179(smtp),
Aug  9 02:36:29 10.10.102.140(4380) -> 143.227.55.15(smtp),
Aug  9 02:36:30 10.10.102.140(4382) -> 12.158.34.245(smtp),
Aug  9 02:36:32 10.10.102.140(4385) -> 64.4.50.179(smtp),
Aug  9 02:36:32 10.10.102.140(4386) -> 69.6.21.150(smtp),
Aug  9 02:36:40 10.10.102.140(4395) -> 63.99.210.202(smtp),
Aug  9 02:36:41 10.10.102.140(4397) -> 216.148.227.126(smtp),

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
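The detection Scott describes (a single inside host opening SMTP connections to many different outside mail servers within a minute or two) can be automated over the deny log. The following is an added example, not code from Scott's message or from the Educause list; it assumes the one-line-per-attempt format quoted above, a 60-second window and a threshold of 10 distinct destinations (both thresholds are assumptions to tune per site), and runs on a constructed sample log that uses documentation address ranges in place of real mail servers.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Deny-log format as quoted in the message above, one attempt per line:
#   Aug  9 02:32:38 10.10.102.140(3876) -> 65.54.190.179(smtp),
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<svc>[A-Za-z0-9-]+)\),?\s*$"
)

# Constructed sample (not the router output from the message): one host
# spraying SMTP at a dozen distinct mail servers inside 30 seconds, a second
# host that only talks to two campus relays, one non-SMTP line and one line
# of unrelated router noise.  10.10.0.0/16 stands in for the campus LAN;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges used in place
# of real mail-server addresses.
SAMPLE_LOG = """\
Aug  9 02:32:38 10.10.102.140(3876) -> 198.51.100.1(smtp),
Aug  9 02:32:39 10.10.102.140(3884) -> 198.51.100.2(smtp),
Aug  9 02:32:40 10.10.7.22(4391) -> 192.0.2.25(smtp),
Aug  9 02:32:42 10.10.102.140(3901) -> 198.51.100.3(smtp),
Aug  9 02:32:45 10.10.102.140(3916) -> 198.51.100.4(smtp),
Aug  9 02:32:49 10.10.102.140(3935) -> 198.51.100.5(smtp),
Aug  9 02:32:50 10.10.102.140(3943) -> 198.51.100.6(smtp),
Aug  9 02:32:51 10.10.102.140(3954) -> 198.51.100.7(smtp),
Aug  9 02:32:53 10.10.102.140(3962) -> 198.51.100.8(smtp),
Aug  9 02:32:54 10.10.102.140(3967) -> 198.51.100.9(smtp),
Aug  9 02:32:56 10.10.102.140(3979) -> 198.51.100.10(smtp),
Aug  9 02:32:59 10.10.102.140(3993) -> 198.51.100.11(smtp),
Aug  9 02:33:00 10.10.102.140(4000) -> 198.51.100.12(smtp),
Aug  9 02:33:05 10.10.7.22(4402) -> 192.0.2.26(smtp),
Aug  9 02:33:07 10.10.7.22(4403) -> 192.0.2.80(http),
Aug  9 02:33:30 link state change on port 3 (constructed noise line)
Aug  9 02:35:10 10.10.7.22(4417) -> 192.0.2.25(smtp),
"""


def parse_line(line):
    """Return (timestamp, src, sport, dst, service), or None for lines that
    are not deny records.  syslog timestamps carry no year; strptime's
    default year (1900) is fine for windowing within one log."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("src"), int(m.group("sport")), m.group("dst"), m.group("svc")


def max_distinct_dsts(events, window):
    """Largest number of distinct destinations in any sliding `window`
    over a list of (timestamp, dst) events from one source."""
    events.sort(key=lambda e: e[0])
    in_window = Counter()   # dst -> number of attempts currently in the window
    best = left = 0
    for ts, dst in events:
        in_window[dst] += 1
        # Evict attempts that fell out of the window ending at `ts`.
        while ts - events[left][0] > window:
            old = events[left][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            left += 1
        best = max(best, len(in_window))
    return best


def find_spam_sources(lines, window_seconds=60, min_distinct=10, service="smtp"):
    """Map each inside host that reached `min_distinct` different outside
    `service` servers within `window_seconds` to its peak distinct count.
    A real mail client talks to one or two relays; a spam engine fans out."""
    per_src = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, _sport, dst, svc = parsed
        if svc == service:
            per_src[src].append((ts, dst))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, events in per_src.items():
        peak = max_distinct_dsts(events, window)
        if peak >= min_distinct:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, peak in sorted(find_spam_sources(SAMPLE_LOG.splitlines()).items()):
        print(f"{src}: {peak} distinct SMTP destinations within 60s, shut it down")
```

Counting distinct destinations per source rather than raw line counts is what separates a spam engine from a legitimate mail client that retries its one relay; piping the real deny log through the same logic gives the per-host list that the `wc -l` figure only hints at.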