North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

  • From: Sean Donelan
  • Date: Mon Jun 18 11:17:51 2007

On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
On 6/18/07, Jeroen Massar <jeroen@xxxxxxxxx> wrote: 
Of course, though 25 is (afaik ;) the most abused one that will annoy a
lot of other folks with spam, phishings and virus distribution, though
the latter seems to have come to a near halt from what I see.


Read these and weep, then -
http://darkwing.uoregon.edu/~joe/port25.pdf
http://darkwing.uoregon.edu/~joe/zombies.pdf

As Joe says (and I agree), trying to fix infected hosts on your
network by blocking port 25 is like treating lung cancer with cough
syrup.

The great thing about opinions is everyone has one.

See also

http://www.maawg.org/port25

Or how about

http://www.securitymanagement.com/library/Sans_Ulrich1203.pdf
http://www.networkworld.com/edge/news/2003/0908studyisps.html


The best answer is probably paying for a strong ISP abuse team. But for whatever reasons, some ISPs prefer to invest in other areas.