North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Stopping open proxies and open relays

  • From: Dr. Jeffrey Race
  • Date: Sat Feb 07 00:17:26 2004

On Fri, 6 Feb 2004 22:43:39 -0600 (CST), Adi Linden wrote:

>I am looking for ideas to stop the spam created by compromised Windows 
>PC's. This is not about the various worms and viruses replicating but 
>these boxes acting as open relays or open proxies.
>There are valid reasons not to run antivirus software, coupled with 
>clueless users, this results in machines that SPAM again just a few hours 
>after having been cleaned.

First step is correctly to specify the system's properties.

Yours is not a technical issue but one of user negligence.   You have
to build the solution around this fact.

Curative measures that have worked elsewhere are:

1-Scan every client when it accesses

2-Disconnect compromised clients or route only to a warning page 
   allowing access only to your tech support

3-First cleanup and advice to owner of compromised machine on how to be 
   a good internet member is free; second costs $100; third results in
   permanent discontinuance of service and refusal to accept back  as
   a client.   

These measures will fix your problem.

Jeffrey Race