Re: Stopping open proxies and open relays
On Fri, 6 Feb 2004 22:43:39 -0600 (CST), Adi Linden wrote:
I am looking for ideas to stop the spam created by compromised Windows PCs. This is not about the various worms and viruses replicating but about these boxes acting as open relays or open proxies.
There are valid reasons not to run antivirus software; coupled with clueless users, this results in machines that spam again just a few hours after having been cleaned.
The first step is to correctly specify the system's properties. Yours is not a technical issue but one of user negligence. You have to build the solution around this fact.

Curative measures that have worked elsewhere are:

1- Scan every client when it accesses
2- Disconnect compromised clients or route only to a warning page allowing access only to your tech support
3- First cleanup and advice to owner of compromised machine on how to be a good internet member is free; second costs $100; third results in permanent discontinuance of service and refusal to accept back as a client.

These measures will fix your problem.

Jeffrey Race
The first step is to correctly specify the system's properties.
Yours is not a technical issue but one of user negligence. You have to build the solution around this fact.
I don't agree with this. It's almost impossible to "secure" Windows machines. Even applying all patches as soon as they come out doesn't make sure you are "safe". Granted, this applies to all operating systems, but the rate of Windows patches is sure to throw users into a state of "this is impossible to keep up". I've seen machines become compromised even when fully patched, only to realize what happened when the next MS patch came out; just look at how long it took MS to fix the ASN.1 issue. We can't continue to blame end users for negligence but also keep delivering crappy software to them. Why not blame Microsoft? Why not blame legislation for allowing vendors to deliver insecure applications and systems?
Curative measures that have worked elsewhere are:
1- Scan every client when it accesses
What are you going to scan for? Specific ports or all ports? That's going to take a while, and who knows what's going to happen to the guy on the other end of the line. Keep in mind that the current spam proxies do not listen on fixed ports and they change quite often. While you scan, the proxy app may even move from an unscanned port to a scanned port. So a client you thought secure is not.

Rgds,
-GSH
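One defender-side alternative to the port scanning debated above, as an added example that is not code from any of the posters: flag clients by their outbound SMTP fan-out (how many distinct port-25 peers they contact) rather than by what they listen on, which a proxy that hops ports cannot hide. The flow record format, the IP addresses, the ISP's mail server 192.0.2.25, and the thresholds are all constructed for the example.

```python
"""Flag client hosts that behave like spam relays from outbound flow records.

Constructed example, not part of the thread. Assumes one flow per line in the
made-up form '<epoch> <src_ip> <dst_ip> <dst_port>'.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.7 fans out SMTP to many distinct hosts within a
# minute; 10.0.0.9 only talks to the ISP's own mail server (assumed 192.0.2.25).
SAMPLE_FLOWS = """\
1076107200 10.0.0.9 192.0.2.25 25
1076107260 10.0.0.7 198.51.100.4 25
1076107261 10.0.0.7 198.51.100.9 25
1076107262 10.0.0.7 203.0.113.17 25
1076107263 10.0.0.7 203.0.113.40 25
1076107264 10.0.0.7 198.51.100.77 25
1076107265 10.0.0.7 203.0.113.8 25
1076107300 10.0.0.9 192.0.2.25 25
1076107400 10.0.0.7 203.0.113.99 80
"""


def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def flag_relay_suspects(text, window=3600, max_peers=5, local_mx=("192.0.2.25",)):
    """Return {src: peer_count} for sources contacting more than max_peers
    distinct port-25 destinations (excluding the ISP's own MX) within any
    `window` seconds. Distinct peers are counted, not connections, because a
    normal client talks to one smarthost while a relay fans out to many MXs."""
    per_src = defaultdict(list)  # src -> [(ts, dst)] for external SMTP flows
    for ts, src, dst, dport in parse_flows(text):
        if dport == 25 and dst not in local_mx:
            per_src[src].append((ts, dst))
    suspects = {}
    for src, events in per_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # sliding window from each event
            peers = {d for t, d in events[i:] if t - t0 <= window}
            if len(peers) > max_peers:
                suspects[src] = max(len(peers), suspects.get(src, 0))
    return suspects


if __name__ == "__main__":
    print(flag_relay_suspects(SAMPLE_FLOWS))  # {'10.0.0.7': 6}
```

A host on the suspect list is a candidate for the quarantine or warning-page treatment described earlier in the thread; the port-80 and local-MX flows in the sample are deliberately ignored to show the filter does not trip on ordinary web or mail use.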
Participants (2): Dr. Jeffrey Race, Guðbjörn S. Hreinsson