nanog mailing list archives

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)


From: "Suresh Ramasubramanian" <ops.lists () gmail com>
Date: Tue, 19 Jun 2007 21:05:33 +0530


On 6/19/07, Leigh Porter <leigh.porter () ukbroadband com> wrote:
> Agreed, SMTP is not really a special vector, other than its obvious
> commercial spam use. So just block all the usual virus vector ports,
> block 25 and force people to use your own SMTP servers and the problem
> (this particular one) goes away..

No. The part of it you target (outbound spam) merely relocates itself,
and your SMTP servers become huge spam sinks.  Filter all you want and
you'll still leak spam unless you take those hosts down.

And in the meantime those hosts will also be launching DoS attacks,
hosting "fast flux" pills / warez / kiddy pr0n sites, carrying out ID
/ card theft .. best to isolate and take them down.

You can port block at your edge till you burst and you'll still be in
a lot of hot water.

--
Suresh Ramasubramanian (ops.lists () gmail com)

