North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: The worst abuse e-mail ever, sverige.net

  • From: Lars-Johan Liman
  • Date: Thu Sep 23 09:21:37 2004

[email protected]:
>> The solution I am working toward is quickly identifying user
>> infections.  We are almost there. I collect and record all traffic

Umm ... you mean you wire-tap all "my" email messages? (Anyone
still wonders why I don't trust my ISP?)

I wonder if my Teclo listens in on all my telephone conversations
too? And the post office! My letters?

(Oops, sorry, shouldn't make analogies. ;-)

>> from the users going to dark space

Umm ... please define "dark space".

>> and am almost finished with the system that will identify who held
>> that IP at a specific time. It is all in SQL so that is easy.

Mmm. User privacy in its glory?

[email protected]:
> Our system is similar, except we block port 25 completely via RADIUS
> after we detect an outgoing virus or spam,

Detect how?

> then notify the customer.  This eliminates the ACL's on the border
> routers.  The user can still surf freely to download patches while
> not causing further damage.  Some users just don't want to be
> bothered and just use webmail to send E-mail and keep the block
> forever.

This latter part is OK. It opens up a way out for those who want to,
and a different service for those who don't.

				Cheers,
				  /Liman