|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
On Jun 19, 2007, at 8:35 AM, Suresh Ramasubramanian wrote: On 6/19/07, Leigh Porter <[email protected]> wrote:Agreed, SMTP is not really a special vector, other than it's obvious commercial spam use. So just block all the usual virus vector ports, block 25 and force people to use your own SMTP servers and the problem [for] this particular one goes away.. Web-site/browser vulnerabilities make ISP efforts largely futile. Infection rates easily overwhelm aggressive automated detection and wall-garden strategies. Nevertheless, blocking port 25 offers several benefits even for this seemingly failing effort. Messages can be rate limited, where delivery errors also provide direct clues as to which system are likely infected. Web related script vulnerabilities impact some of the largest online email providers! In the zeal to enable advertising, customer accounts are easily harvested. These accounts may also receive password updates from other accounts, placing even critical financial information at risk. Every compromised account is then able to impersonate owners, utilize their address book and entice further infections by offering malware related messages. The malware might appear as seemingly harmless links or documents. Email is a vector that must be watched carefully, however the greater danger is with web/browser vulnerabilities. Complacency permitting, and at times even promoting use of known defective products must end. The era of combining scripts and active code along with every piece of information conveyed must end. Unless the Internet industry responds effectively, legislators will likely to react in their own futile way. Less is more. A document MUST NOT require active code to convey information. -Doug
|