nanog mailing list archives

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)


From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Tue, 19 Jun 2007 16:05:03 +0100


Jack Bates wrote:

James Hess wrote:
Preventing hosts from just SMTP'ing out just anywhere they like creates
a new hurdle for any infection to get over to spread; now any malware
suddenly needs to figure out a SMTP server to use, and a username and
password to use with SMTP authentication, and any other restrictions
imposed by the ISP outgoing MTA.


This sounds great, except it doesn't scale. My router says there is no
noticeable difference between tcp/25 and tcp/445, or udp/134 or
udp/1434 or tcp/1025, or tcp/80. It asked if we should just block all
ports and force people through proxy servers. Why mitigate one vector
when you can take them all out? What makes SMTP so special a vector?

Yes, my router speaks. Yours doesn't?

Jack

You said it does not scale but then went on to describe a completely
different issue.

Agreed, SMTP is not really a special vector, other than its obvious
commercial spam use. So just block all the usual virus vector ports,
block 25 and force people to use your own SMTP servers and the problem
(this particular one) goes away.

--
Leigh


