Network Security Firewalls

RE: Blocking mass mailings caused by viruses

Subject: RE: Blocking mass mailings caused by viruses
Date: Fri, 14 Oct 2005 08:42:28 -0400
 

-----Original Message-----
From: Erdahl, Larry E [mailto:Larry.Erdahl@allina.com] 
Sent: Wednesday, October 12, 2005 11:31 AM
To: firewalls@securityfocus.com
Subject: Blocking mass mailings caused by viruses

 

Over the past month we've been blacklisted by Spamhaus
several times because of infected workstations and laptops
(contractors and consultants) sending out mass mailings.
My management doesn't want to block port 25 because we have a
handful of physicians who are using POP mail. Does anyone
know of an IDS, IPS, firewall, router ACLs, etc... that will
block outgoing SMTP traffic, based on abnormal traffic volume?

Thanks in advance!
 
Larry E. Erdahl

A couple thoughts:

Set up your physicians' email client so it sends mail (SMTP/port 25)
from an internal mail server (assuming you have one). You'll have to set
up your internal mail server to accept relays from internal machines,
which it may be doing already (if you use Exchange or something like
that then it's done by Windows auth...). Leave POP3 (port 110) open so
they can retrieve mail from the outside and deny outbound port 25 for
everything but your internal mail server(s).

If your problem is mainly with outside laptops, you should consider
setting up a separate subnet for them which would allow you to block
port 25 outbound. At my company we've completely separated our wireless
subnet from our internal network - the only way in is VPN.

Derick Anderson
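
An added example, not part of either message above: a Python sketch that combines the two ideas in this thread by flagging hosts other than the mail relay that connect out on port 25, and marking those whose connection rate is abnormal. The log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All values below are assumptions for illustration, not from the thread.
MAIL_RELAYS = {"10.0.0.25"}      # internal mail server(s) allowed to use port 25
WINDOW = timedelta(seconds=60)   # sliding window for the volume check
THRESHOLD = 5                    # max outbound SMTP connections per window


def constructed_log():
    """Constructed sample lines: '<ISO time> <src ip> <dst ip> <dst port>'."""
    t0 = datetime(2005, 10, 12, 11, 0, 0)
    at = lambda secs: (t0 + timedelta(seconds=secs)).isoformat()
    lines = [f"{at(0)} 10.0.0.25 192.0.2.10 25"]             # relay: allowed
    lines += [f"{at(i)} 10.0.5.77 198.51.100.{i} 25"         # laptop: 8 in 8 s
              for i in range(1, 9)]
    lines += [f"{at(300 * i)} 10.0.1.14 203.0.113.5 25"      # client: 3 in 10 min
              for i in range(3)]
    lines.append(f"{at(5)} 10.0.1.14 203.0.113.5 110")       # POP3: ignored
    return lines


def find_smtp_offenders(lines, relays=MAIL_RELAYS, window=WINDOW,
                        threshold=THRESHOLD):
    """Map each non-relay source using port 25 to its count and burst flag.

    Assumes lines are in time order per source, as a firewall log would be.
    """
    recent = defaultdict(deque)   # src -> timestamps inside the window
    report = {}
    for line in lines:
        ts, src, _dst, port = line.split()
        if int(port) != 25 or src in relays:
            continue
        ts = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:     # drop connections older than the window
            q.popleft()
        entry = report.setdefault(src, {"direct_smtp": 0, "burst": False})
        entry["direct_smtp"] += 1
        if len(q) > threshold:        # abnormal volume: likely mass mailer
            entry["burst"] = True
    return report


if __name__ == "__main__":
    for src, info in find_smtp_offenders(constructed_log()).items():
        print(src, info)
```

Hosts reported with `burst` set are candidates for quarantine; hosts reported without it are clients still sending mail directly rather than through the relay.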
