North American Network Operators Group


Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

  • From: Jack Bates
  • Date: Tue Jun 19 10:07:01 2007


James Hess wrote:
Preventing hosts from just SMTP'ing out just anywhere they like creates a new hurdle for any infection to get over to spread; now any malware suddenly needs to figure out a SMTP server to use, and a username and password to use with SMTP authentication, and any other restrictions imposed by the ISP outgoing MTA.



This sounds great, except it doesn't scale. My router says there is no noticeable difference between tcp/25 and tcp/445, or udp/134 or udp/1434 or tcp/1025, or tcp/80. It asked if we should just block all ports and force people through proxy servers. Why mitigate one vector when you can take them all out? What makes SMTP so special a vector?


Yes, my router speaks. Yours doesn't?

Jack