North American Network Operators Group
Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
On 6/18/07, Suresh Ramasubramanian <[email protected]> wrote:
On 6/18/07, Jeroen Massar <[email protected]> wrote:
> Of course, though 25 is (afaik ;) the most abused one that will annoy a
> lot of other folks with spam, phishings and virus distribution, though
> the latter seems to have come to a near halt from what I see.
As Joe says (and I agree), trying to fix infected hosts on your network by blocking port 25 is like treating lung cancer with cough syrup.
In some cases, the spread will stop entirely, if the particular software spreads only by connecting to destination mail servers on port 25, and while the hosts may still be infected, there is much less harm (in terms of automatically spamming and spreading to other hosts) that will be possible, with port 25 blocked.
Preventing hosts from just SMTP'ing out just anywhere they like creates a new hurdle for any infection to get over to spread; now any malware suddenly needs to figure out an SMTP server to use, and a username and password to use with SMTP authentication, and any other restrictions imposed by the ISP outgoing MTA.
Think of it as having people infected with TB wearing masks while they are in public.
It certainly doesn't cure them of the disease, that's not the point. It's for the protection of possible hosts not yet infected by the parasite.
It's no guarantee that the disease doesn't ever spread to someone else, but the opportunity for airborne spread is slightly reduced, and that's the goal.
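The port 25 egress policy discussed in this message, modelled as an added example that is not part of the original post: customer hosts may reach port 25 only on the ISP's outgoing MTA, and the attempts the policy blocks are used to list hosts worth reviewing for quarantine. The addresses (documentation ranges), flow records, function names and the three-destination threshold are all constructed assumptions.

```python
# Added example: constructed data and hypothetical names, not from the thread.
from collections import defaultdict
from ipaddress import ip_address, ip_network

CUSTOMER_NET = ip_network("198.51.100.0/24")  # assumed customer address pool
ISP_RELAY = ip_address("192.0.2.25")          # assumed ISP outgoing MTA (SMTP AUTH)

# Constructed flow records: (source, destination, destination port)
FLOWS = [
    ("198.51.100.10", "192.0.2.25", 587),    # authenticated submission
    ("198.51.100.10", "203.0.113.5", 443),   # ordinary web traffic
    ("198.51.100.77", "203.0.113.20", 25),   # direct-to-MX attempts
    ("198.51.100.77", "203.0.113.21", 25),
    ("198.51.100.77", "203.0.113.22", 25),
    ("198.51.100.30", "192.0.2.25", 25),     # mail handed to the ISP relay
    ("198.51.100.31", "203.0.113.20", 25),   # single direct attempt
]


def allowed(src, dst, dport):
    """Egress policy: customers may use port 25 only towards the ISP relay."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in CUSTOMER_NET or dport != 25:
        return True
    return dst == ISP_RELAY


def direct_smtp_attempts(flows):
    """Map each customer host to the foreign mail servers it tried on port 25."""
    hits = defaultdict(set)
    for src, dst, dport in flows:
        if not allowed(src, dst, dport):
            hits[src].add(dst)
    return dict(hits)


def quarantine_candidates(flows, min_destinations=3):
    """Hosts whose blocked attempts span many distinct servers (assumed threshold)."""
    attempts = direct_smtp_attempts(flows)
    return sorted(h for h, dsts in attempts.items() if len(dsts) >= min_destinations)


if __name__ == "__main__":
    for host, dsts in sorted(direct_smtp_attempts(FLOWS).items()):
        print(f"{host}: {len(dsts)} blocked port-25 destination(s)")
    print("review for quarantine:", quarantine_candidates(FLOWS))
```

The block stops the outbound mail; the list of blocked hosts is what tells the operator which customers still need cleaning up.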