Re: The worst abuse e-mail ever, sverige.net

• From: Jeff Wheeler
• Date: Tue Sep 21 20:08:22 2004

The port 25 blocking seemed like a real good idea.

-M

I disagree. Port blocking does not change user behavior & it is user
behavior that is causing this problem.
Blocking just hides it. I used to believe in port blocking as the solution
to many user problems but now I have 3 and 4 page ACL's
on my border routers. This does not scale. Yes, I could push this out via
radius to the NAS but again this does not solve the problem.
I feel blocking just pushes us closer to ports loosing their uniqueness, as
we have seen with PTP filesharing.

The solution I am working toward is quickly identifying user infections. We
are almost there. I collect and record
all traffic from the users going to dark space and am almost finished with
the system that will identify who held that
IP at a specific time. It is all in SQL so that is easy. We already have a
system in place where users, after multiple virus problems,
must obtain protection software prior to being re-enabled. Ramping up the
amount of proof we have at hand will allow us to enforce
our existing AUP.

The key to changing a behavior is to create consequences to this behavior. I
have noticed we never have problems getting
a user to get virus/firewall software after they pay to have their box
disinfected. Hit the users first with e-mails, then phone contact,
ending with being shut off should create the consequences needed to change
their behavior.

james

• References:
  • Re: The worst abuse e-mail ever, sverige.net james edwards

• Prev by Date: Re: port 25 blocking [Re: FW: The worst abuse e-mail ever, sverige.net]
• Next by Date: Re: FW: The worst abuse e-mail ever, sverige.net
• Date Index
• Thread Index
• Author Index
• Historical