nanog mailing list archives

Re: Stopping open proxies and open relays


From: "Dr. Jeffrey Race" <jrace () attglobal net>
Date: Sat, 07 Feb 2004 12:11:32 +0700


On Fri, 6 Feb 2004 22:43:39 -0600 (CST), Adi Linden wrote:

> I am looking for ideas to stop the spam created by compromised Windows
> PCs. This is not about the various worms and viruses replicating but
> these boxes acting as open relays or open proxies.
>
> There are valid reasons not to run antivirus software; coupled with
> clueless users, this results in machines that SPAM again just a few hours
> after having been cleaned.

First step is correctly to specify the system's properties.

Yours is not a technical issue but one of user negligence. You have
to build the solution around this fact.

Curative measures that have worked elsewhere are:

1-Scan every client when it accesses

2-Disconnect compromised clients or route only to a warning page 
   allowing access only to your tech support

3-First cleanup and advice to owner of compromised machine on how to be 
   a good internet member is free; second costs $100; third results in
   permanent discontinuance of service and refusal to accept back as
   a client.

These measures will fix your problem.

Jeffrey Race

