Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Blocking mass mailings caused by viruses

from [Rod Barnhart] Network Security [Permanent Link]
Subject: Re: Blocking mass mailings caused by viruses
Date: Fri, 14 Oct 2005 12:41:09 -0400 
POP uses port 110, not 25. It's not clear from your message whether you
provide SMTP services to everyone and they just POP their messages, or if
you allow them to connect to any SMTP server that they need. If the first
case, you can still block port 25 from all but your SMTP servers. If the
second, I'd recommend implementing the first case, if possible. That said,
many desktop AV programs can alert you if there are XXX number of outgoing
messages per minute (or maybe it was per second?) so I'm sure there's an
enterprise solution that does the same.

Rod Barnhart



On 10/12/05, Erdahl, Larry E <Larry.Erdahl@allina.com> wrote:




Over the past month we've been blacklisted by Spamhaus several times
because of infected workstations and laptops (contractors and
consultants) sending out mass mailings.
My management doesn't want to block port 25 because we have a handful of
physicians who are using POP mail. Does anyone know of an IDS, IPS,
firewall, router ACLs, etc... that will block outgoing SMTP traffic,
based on abnormal traffic volume?

Thanks in advance!

Larry E. Erdahl
IS Security Specialist
Allina Hospital & Clinics
Office (612)775-1273
Cell (612)804-7324
larry.erdahl@allina.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Host placement and DMZ internal/external questions., Adam T
Next by Date:  RE: Host placement and DMZ internal/external questions., David Gillett
Previous by Thread:  Re: Blocking mass mailings caused by viruses, David Nichols
Next by Thread:  RE: Blocking mass mailings caused by viruses, Doug Block
Indexes:  [Date] [Thread] [Top] [All Lists]