[97517] in North American Network Operators' Group
Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Jun 19 11:36:24 2007
Date: Tue, 19 Jun 2007 21:05:33 +0530
From: "Suresh Ramasubramanian" <ops.lists@gmail.com>
To: "Leigh Porter" <leigh.porter@ukbroadband.com>
Cc: "Jack Bates" <jbates@brightok.net>,
"James Hess" <mysidia@gmail.com>, nanog@nanog.org
In-Reply-To: <4677F09F.7030505@ukbroadband.com>
Errors-To: owner-nanog@merit.edu
On 6/19/07, Leigh Porter <leigh.porter@ukbroadband.com> wrote:
> Agreed, SMTP is not really a special vector, other than its obvious
> commercial spam use. So just block all the usual virus vector ports,
> block 25 and force people to use your own SMTP servers and the problem
> (this particular one) goes away..

No. The part of it you target (outbound spam) merely relocates itself,
and your SMTP servers become huge spam sinks. Filter all you want and
you'll still leak spam unless you take those hosts down.

And in the meantime those hosts will also be launching DoS attacks,
hosting "fast flux" pills / warez / kiddy pr0n sites, carrying out ID
/ card theft .. best to isolate and take them down.

You can port block at your edge till you burst and you'll still be in
a lot of hot water.

--
Suresh Ramasubramanian (ops.lists@gmail.com)