nanog mailing list archives
Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Mon, 18 Jun 2007 17:49:02 +0100
Suresh Ramasubramanian wrote:
> On 6/18/07, Jack Bates <jbates () brightok net> wrote:
>> Joe also pointed out the biggest problem with blocking port 25; it pushes
>> the abuse towards the smarthosts. This creates a lot of issues. Smarthosts have to
>
> So .. great. You have a huge spam problem that flew under your radar as
> it was spread across multiple /24s or far larger netblocks, now
> concentrated within far fewer servers that are part of the same cluster.
> That kind of makes your job a bit easier then .. half full glass v/s
> half empty glass, and all that.
>
>> I'd rather monitor and filter traffic patterns on port 25 (and the
>> various other ports that are also often spewing other things) than block
>> it. It's not unusual to see tcp/25 spewing at the same time as udp/135
>> and tcp/445 or even tcp/1025.
>
> [...] Which is what a lot of the kit Sean posted about does ..
>
> srs

We filter ALL udp/135 and tcp/445 or even tcp/1025 towards and from the Internet. Port 25 is only allowed to go through the smarthosts and other whitelisted mail servers.

We have never had any complaints about the 135/445/1025 blocking and very few about the port 25 stuff.

Spambots are getting clever and they now use configured SMTP relays in Thunderbird/Outlook etc., so the mail gateways get quite a bit of traffic. But we have lots of them (Ironports) behind load balancers so there's little problem there.

--
Leigh Porter
UK Broadband
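
The border policy described in this message, combined with the traffic pattern quoted above (tcp/25 alongside udp/135, tcp/445 or tcp/1025), as an added example that is not part of the original post: it classifies flow records against the policy and lists customer hosts whose dropped traffic matches that pattern. The customer range, smarthost addresses and flow records are constructed assumptions using documentation address space.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All addresses are constructed (RFC 5737 documentation ranges), not from the post.
CUSTOMERS = ip_network("198.51.100.0/24")       # assumed customer pool
SMTP_ALLOWED = {ip_address("192.0.2.25"),       # assumed smarthost
                ip_address("192.0.2.26")}       # assumed whitelisted mail server
BLOCKED = {("udp", 135), ("tcp", 445), ("tcp", 1025)}  # ports named in the message

def verdict(proto, src, dst, dport):
    """Apply the border policy from the message to one flow record."""
    src, dst = ip_address(src), ip_address(dst)
    if (proto, dport) in BLOCKED:
        return "drop"                           # filtered in both directions
    if (proto, dport) == ("tcp", 25):
        # SMTP must have a smarthost or whitelisted mail server on one side.
        return "allow" if src in SMTP_ALLOWED or dst in SMTP_ALLOWED else "drop"
    return "allow"

def suspects(flows):
    """Customer hosts whose dropped flows show direct tcp/25 plus a blocked port."""
    seen = defaultdict(set)
    for proto, src, dst, dport in flows:
        if ip_address(src) in CUSTOMERS and verdict(proto, src, dst, dport) == "drop":
            seen[src].add((proto, dport))
    return sorted(h for h, ports in seen.items()
                  if ("tcp", 25) in ports and ports & BLOCKED)

FLOWS = [  # constructed sample flow records: (proto, src, dst, dport)
    ("tcp", "198.51.100.10", "203.0.113.5", 25),    # direct-to-MX attempt
    ("tcp", "198.51.100.10", "203.0.113.9", 445),
    ("udp", "198.51.100.10", "203.0.113.9", 135),
    ("tcp", "198.51.100.20", "192.0.2.25", 25),     # mail via the smarthost
    ("tcp", "198.51.100.30", "203.0.113.7", 25),    # direct SMTP only
    ("tcp", "198.51.100.40", "203.0.113.80", 443),  # ordinary web traffic
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(verdict(*flow), flow)
    print("suspect hosts:", suspects(FLOWS))
```

A host that sends spam through its configured relay, as the message describes, is allowed by this policy and has to be caught on the mail gateways instead.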