Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Suresh Ramasubramanian
On 6/19/07, Per Heldal <[EMAIL PROTECTED]> wrote: Before you make it a technical or HR issue you first have to either find a way to make aggressive ISP policies profitable or introduce .gov-regulations that say you either operate according to some standard or not at all. Well - you have to hav

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread James Hess
On 6/18/07, Suresh Ramasubramanian <[EMAIL PROTECTED]> wrote: On 6/18/07, Jeroen Massar <[EMAIL PROTECTED]> wrote:
> Of course, though 25 is (afaik ;) the most abused one that will annoy a
> lot of other folks with spam, phishings and virus distribution, though
> the latter seems to have come to

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Per Heldal
On Mon, 2007-06-18 at 21:00 +0530, Suresh Ramasubramanian wrote:
> On 6/18/07, Sean Donelan <[EMAIL PROTECTED]> wrote:
> > Automation is a non-starter unless you have people to deal with the
> > exceptions. If you don't deal with exceptions, eventually problems with
> > any automated system will

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Leigh Porter
Suresh Ramasubramanian wrote:
>
> On 6/18/07, Jack Bates <[EMAIL PROTECTED]> wrote:
>
>> Joe also pointed out the biggest problem with blocking port 25; it pushes the
>> abuse towards the smarthosts. This creates a lot of issues.
>> Smarthosts have to
>
> So .. great. You have a huge spam probl

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Suresh Ramasubramanian
On 6/18/07, Jack Bates <[EMAIL PROTECTED]> wrote: Joe also pointed out the biggest problem with blocking port 25; it pushes the abuse towards the smarthosts. This creates a lot of issues. Smarthosts have to So .. great. You have a huge spam problem that flew under your radar as it was spread

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Jack Bates
Suresh Ramasubramanian wrote: MAAWG's port 25 management document is kind of based on consensus. Joe is a senior tech advisor at MAAWG, contributed substantially to that document .. and those two presentations were made at a MAAWG (San Diego in 2005 if I remember right) so .. Joe also pointed

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Suresh Ramasubramanian
On 6/18/07, Sean Donelan <[EMAIL PROTECTED]> wrote: Automation is a non-starter unless you have people to deal with the exceptions. If you don't deal with exceptions, eventually problems with any automated system will overwhelm you. You can only hide behind IVR recordings "Your call is very impo

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Sean Donelan
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote: The best answer is probably paying for a strong ISP abuse team. But for whatever reasons, some ISPs prefer to invest in other areas. Bah. Not to underrate having a strong and clued abuse team. However, throwing more people at this is a non st

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Suresh Ramasubramanian
On 6/18/07, Sean Donelan <[EMAIL PROTECTED]> wrote: The great thing about opinions is everyone has one. See also http://www.maawg.org/port25 MAAWG's port 25 management document is kind of based on consensus. Joe is a senior tech advisor at MAAWG, contributed substantially to that document .. a

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Sean Donelan
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote: On 6/18/07, Jeroen Massar <[EMAIL PROTECTED]> wrote: Of course, though 25 is (afaik ;) the most abused one that will annoy a lot of other folks with spam, phishings and virus distribution, though the latter seems to have come to a near halt fro

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Suresh Ramasubramanian
On 6/18/07, Jeroen Massar <[EMAIL PROTECTED]> wrote: Of course, though 25 is (afaik ;) the most abused one that will annoy a lot of other folks with spam, phishings and virus distribution, though the latter seems to have come to a near halt from what I see. Read these and weep, then - http://d

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Jeroen Massar
Suresh Ramasubramanian wrote:
> On 6/17/07, Jeroen Massar <[EMAIL PROTECTED]> wrote:
>
>> IMHO ISPs should per default simply feed port 25 outbound through their
>> own SMTP relays. BUT always have a very easy way (eg a Control Panel
>> behind a user/pass on a website) to disable this kind of filt

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread Suresh Ramasubramanian
On 6/17/07, Jeroen Massar <[EMAIL PROTECTED]> wrote: IMHO ISPs should per default simply feed port 25 outbound through their own SMTP relays. BUT always have a very easy way (eg a Control Panel behind a user/pass on a website) to disable this kind of filtering. This Y'know, port 25 is just th

RE: Assigning a fine (Was: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help))

2007-06-18 Thread Frank Bulk
Assigning a fine doesn't win any friends. The customer is already miffed that:
a) we talked to them and wasted their precious personal time
b) 'accused' them of malicious activity
c) that we took them offline
d) that they'll now need to spend $100 at a computer shop or use up goodwill credits wi