On Tue, 19 Jun 2007, Jack Bates wrote:
This sounds great, except it doesn't scale. My router says there is no
noticeable difference between tcp/25 and tcp/445, or udp/134 or udp/1434 or
tcp/1025, or tcp/80. It asked if we should just block all ports and force
people through proxy servers. Why
On 6/19/07, Leigh Porter <[EMAIL PROTECTED]> wrote:
Agreed, SMTP is not really a special vector, other than it's ovbious
commercial spam use. So just block all the usual virus vector ports,
block 25 and force people to use your own SMTP servers and the problem
9this particular one goes away..
Jack Bates wrote:
>
> James Hess wrote:
>> Preventing hosts from just SMTP'ing out just anywhere they like
>> creates a new hurdle
>> for any infection to get over to spread; now any malware suddenly
>> needs to figure out a
>> SMTP server to use, and a username and password to use with SMTP
>> au
James Hess wrote:
Preventing hosts from just SMTP'ing out just anywhere they like
creates a new hurdle
for any infection to get over to spread; now any malware suddenly
needs to figure out a
SMTP server to use, and a username and password to use with SMTP
authentication,
and any other restrict
On 6/19/07, Per Heldal <[EMAIL PROTECTED]> wrote:
Before you make it a technical or HR issue you first have to either find
a way to make aggressive ISP policies profitable or
introduce .gov-regulations that say you either operate according to some
standard or not at all.
Well - you have to hav
On 6/18/07, Suresh Ramasubramanian <[EMAIL PROTECTED]> wrote:
On 6/18/07, Jeroen Massar <[EMAIL PROTECTED]> wrote:
> Of course, though 25 is (afaik ;) the most abused one that will annoy a
> lot of other folks with spam, phishings and virus distribution, though
> the latter seems to have come to
On Mon, 2007-06-18 at 21:00 +0530, Suresh Ramasubramanian wrote:
> On 6/18/07, Sean Donelan <[EMAIL PROTECTED]> wrote:
> > Automation is a non-starter unless you have people to deal with the
> > exceptions. If you don't deal with exceptions, eventually problems with
> > any automated system will
Suresh Ramasubramanian wrote:
>
> On 6/18/07, Jack Bates <[EMAIL PROTECTED]> wrote:
>
>> Joe also pointed out the biggest problem with blocking port 25; it
>> pushes the
>> abuse towards the smarthosts. This creates a lot of issues.
>> Smarthosts have to
>
> So .. great. You have a huge spam probl
On 6/18/07, Jack Bates <[EMAIL PROTECTED]> wrote:
Joe also pointed out the biggest problem with blocking port 25; it pushes the
abuse towards the smarthosts. This creates a lot of issues. Smarthosts have to
So .. great. You have a huge spam problem that flew under your radar
as it was spread
Suresh Ramasubramanian wrote:
MAAWG's port 25 management document is kind of based on consensus. Joe
is a senior tech advisor at MAAWG. contributed substantially to that
document .. and those two presentations were made at a maawg (san
diego in 2005 if I remember right) so ..
Joe also pointed
On 6/18/07, Sean Donelan <[EMAIL PROTECTED]> wrote:
Automation is a non-starter unless you have people to deal with the
exceptions. If you don't deal with exceptions, eventually problems with
any automated system will overwhelm you. You can only hid behind IVR
recordings "You call is very impo
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
The best answer is probably paying for a strong ISP abuse team. But for
whatever reasons, some ISPs prefer to invest in other areas.
Bah. Not to underrate having a strong and clued abuse team. However,
throwing more people at this is a non st
On 6/18/07, Sean Donelan <[EMAIL PROTECTED]> wrote:
The great thing about opinions is everyone has one.
See also
http://www.maawg.org/port25
MAAWG's port 25 management document is kind of based on consensus. Joe
is a senior tech advisor at MAAWG. contributed substantially to that
document .. a
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
On 6/18/07, Jeroen Massar <[EMAIL PROTECTED]> wrote:
Of course, though 25 is (afaik ;) the most abused one that will annoy a
lot of other folks with spam, phishings and virus distribution, though
the latter seems to have come to a near halt fro
On 6/18/07, Jeroen Massar <[EMAIL PROTECTED]> wrote:
Of course, though 25 is (afaik ;) the most abused one that will annoy a
lot of other folks with spam, phishings and virus distribution, though
the latter seems to have come to a near halt from what I see.
Read these and weep, then -
http://d
Suresh Ramasubramanian wrote:
> On 6/17/07, Jeroen Massar <[EMAIL PROTECTED]> wrote:
>
>> IMHO ISPs should per default simply feed port 25 outbound through their
>> own SMTP relays. BUT always have a very easy way (eg a Control Panel
>> behind a user/pass on a website) to disable this kind of filt
On 6/17/07, Jeroen Massar <[EMAIL PROTECTED]> wrote:
IMHO ISPs should per default simply feed port 25 outbound through their
own SMTP relays. BUT always have a very easy way (eg a Control Panel
behind a user/pass on a website) to disable this kind of filtering. This
Y'know, port 25 is just th
at's rarely
the case because 99% of people really do care.
Regards,
Frank
-Original Message-
From: Jeroen Massar [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 17, 2007 9:15 AM
To: [EMAIL PROTECTED]
Cc: 'Sean Donelan'; nanog@nanog.org
Subject: Quarantining infected hosts (Wa
On Sun, 17 Jun 2007, Jeroen Massar wrote:
For that matter, why don't ISPs start doing that: Introduce a fine. When
somebody gets infected, and thus doesn't take good care of his/her/it's
computer fine them. Let them pay say $25 to get fully back on the
Internet and only allow a very slow rate of
Frank Bulk wrote:
> The Billy Goat product only seems to detect and notify nefarious activity,
> but it does nothing for the owned clients.
>
> I want something that restricts my owned subscribers to downloading updates
> and tools while preventing them from spewing forth more spam and the like.
20 matches
Mail list logo
