[97499] in North American Network Operators' Group
Re: Quarantining infected hosts (Was: FBI tells the public to call
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Jun 18 11:17:52 2007
Date: Mon, 18 Jun 2007 11:16:56 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: nanog@nanog.org
In-Reply-To: <bb0e440a0706180742y78fc4817ud626e5735cbf62de@mail.gmail.com>
Errors-To: owner-nanog@merit.edu

On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
> On 6/18/07, Jeroen Massar <jeroen@unfix.org> wrote:
>> Of course, though 25 is (afaik ;) the most abused one that will annoy a
>> lot of other folks with spam, phishings and virus distribution, though
>> the latter seems to have come to a near halt from what I see.
>
> Read these and weep, then -
> http://darkwing.uoregon.edu/~joe/port25.pdf
> http://darkwing.uoregon.edu/~joe/zombies.pdf
>
> As Joe says (and I agree), trying to fix infected hosts on your
> network by blocking port 25 is like treating lung cancer with cough
> syrup.

The great thing about opinions is everyone has one.

See also
http://www.maawg.org/port25

Or how about
http://www.securitymanagement.com/library/Sans_Ulrich1203.pdf
http://www.networkworld.com/edge/news/2003/0908studyisps.html

The best answer is probably paying for a strong ISP abuse team. But for
whatever reasons, some ISPs prefer to invest in other areas.