nanog mailing list archives

Re: tacid.org

From: "Jim Popovitch" <yahoo () jimpop com>
Date: Sun, 6 Jul 2008 16:01:43 -0400

On Sun, Jul 6, 2008 at 3:55 PM, Nick Shank <nick () laststop net> wrote:

Jim,
 ATM I have exchange set to dis-allow outbound mail


Hi Nick,

I (personally) don't think that is enough.  If the box was rooted,
there could be bots (i.e. other processes) sending outbound email.
Those processes could be persistent or periodic, and they could be
additional services or sub-processes of known-good services.  Further,
the bots could be dynamically loaded via on-box applications (i.e.
Internet Explorer, Firefox, etc.)

You would need an off-box firewall to successfully block outbound SMTP
connections.  With most, if not all, rooted boxs there really is no
safe way of securing it.  Your best path forward is to (IMHO) buy an
new harddrive and start from scratch, manually copying only known-good
files to the new drive, preferably using an intermediate box to virus
scan each moved file.

Best wishes,

-Jim P.

Current thread:

Re: a business opportunity?, (continued)
- - - Re: a business opportunity? John Levine (Jul 05)
    - (OT) IANA and ICANN domains get hijacked Michael Painter (Jul 05)
    - Sure, I'm game (was Re: a business opportunity?) Lynda (Jul 05)
    - Re: Sure, I'm game (was Re: a business opportunity?) Suresh Ramasubramanian (Jul 06)
    - Re: Sure, I'm game (was Re: a business opportunity?) Jon Lewis (Jul 06)
  - [OT/NOOP] Re: tacid.org jamie (Jul 05)
- RE: tacid.org Nick Shank (Jul 06)
  - Re: tacid.org Jim Popovitch (Jul 06)
    - Re: tacid.org Jo Rhett (Jul 09)
- Re: tacid.org Nick Shank (Jul 06)
  - Re: tacid.org Jim Popovitch (Jul 06)