[67711] in North American Network Operators' Group
Re: Stopping open proxies and open relays
daemon@ATHENA.MIT.EDU (Dr. Jeffrey Race)
Tue Feb 17 20:16:53 2004
From: "Dr. Jeffrey Race" <jrace@attglobal.net>
To: "nanog@merit.edu" <nanog@merit.edu>
Date: Wed, 18 Feb 2004 08:15:54 +0700
Reply-To: "Dr. Jeffrey Race" <jrace@attglobal.net>
Errors-To: owner-nanog-outgoing@merit.edu

On Fri, 6 Feb 2004 22:43:39 -0600 (CST), Adi Linden wrote:
>I am looking for ideas to stop the spam created by compromised Windows
>PCs. This is not about the various worms and viruses replicating but
>these boxes acting as open relays or open proxies.
>
>There are valid reasons not to run antivirus software, coupled with
>clueless users, this results in machines that SPAM again just a few hours
>after having been cleaned.

First step is correctly to specify the system's properties.
Yours is not a technical issue but one of user negligence. You have
to build the solution around this fact.

Curative measures that have worked elsewhere are:

1-Scan every client when it accesses
2-Disconnect compromised clients or route only to a warning page
  allowing access only to your tech support
3-First cleanup and advice to owner of compromised machine on how to be
  a good internet member is free; second costs $100; third results in
  permanent discontinuance of service and refusal to accept back as
  a client.

These measures will fix your problem.

Jeffrey Race