[74358] in North American Network Operators' Group
Re: The worst abuse e-mail ever, sverige.net
daemon@ATHENA.MIT.EDU (Lars-Johan Liman)
Thu Sep 23 09:19:13 2004
To: "Mike Nice" <niceman@att.net>, hackerwacker@cybermesa.com
Cc: <nanog@merit.edu>
From: Lars-Johan Liman <liman@autonomica.se>
Date: 23 Sep 2004 15:13:59 +0200
Errors-To: owner-nanog-outgoing@merit.edu
hackerwacker@cybermesa.com:
>> The solution I am working toward is quickly identifying user
>> infections. We are almost there. I collect and record all traffic
Umm ... you mean you wire-tap all "my" email messages? (Anyone
still wonders why I don't trust my ISP?)
I wonder if my Teclo listens in on all my telephone conversations
too? And the post office! My letters?
(Oops, sorry, shouldn't make analogies. ;-)
>> from the users going to dark space
Umm ... please define "dark space".
>> and am almost finished with the system that will identify who held
>> that IP at a specific time. It is all in SQL so that is easy.
Mmm. User privacy in its glory?
niceman@att.net:
> Our system is similar, except we block port 25 completely via RADIUS
> after we detect an outgoing virus or spam,
Detect how?
> then notify the customer. This eliminates the ACL's on the border
> routers. The user can still surf freely to download patches while
> not causing further damage. Some users just don't want to be
> bothered and just use webmail to send E-mail and keep the block
> forever.
This latter part is OK. It opens up a way out for those who want to,
and a different service for those who don't.
Cheers,
/Liman
