
RE: Blocking mass mailings caused by viruses

Subject: RE: Blocking mass mailings caused by viruses
Date: Wed, 19 Oct 2005 13:36:50 -0500
I know in my network I just redid the local DNS entry for the outbound SMTP
so the LAPTOP users don't have to change their settings when they're in my
network and force them to use my SMTP servers.  This way I could block 100%
of all workstations from ever sending out an email on their own without going
through my SMTP servers.   I know this is not the best way of doing things but it
worked and solved a lot of headaches for me.  I of course have my SMTP
servers using unmodified DNS so there are no problems with message delivery.
 
 
 

Doug Block
Chief Information Officer of Efast Funding
713-983-4055 (Direct)
888-338-3863 x 4055 (Toll Free)
713-983-4555 (Direct Fax)
832-483-4495 (Cell) 


 

  _____  

From: Rod Barnhart [mailto:rod.barnhart@gmail.com] 
Sent: Friday, October 14, 2005 11:41 AM
To: firewalls@securityfocus.com
Subject: Re: Blocking mass mailings caused by viruses


POP uses port 110, not 25. It's not clear from your message whether you
provide SMTP services to everyone and they just POP their messages, or if
you allow them to connect to any SMTP server that they need. If the first
case, you can still block port 25 from all but your SMTP servers. If the
second, I'd recommend implementing the first case, if possible. That said,
many desktop AV programs can alert you if there are XXX number of outgoing
messages per minute (or maybe it was per second?) so I'm sure there's an
enterprise solution that does the same.

Rod Barnhart




On 10/12/05, Erdahl, Larry E <Larry.Erdahl@allina.com> wrote: 



Over the past month we've been blacklisted by Spamhaus several times
because of infected workstations and laptops (contractors and
consultants) sending out mass mailings.
My management doesn't want to block port 25 because we have a handful of 
physicians who are using POP mail. Does anyone know of an IDS, IPS,
firewall, router ACLs, etc... that will block outgoing SMTP traffic,
based on abnormal traffic volume?

Thanks in advance!

Larry E. Erdahl 
IS Security Specialist
Allina Hospital & Clinics
Office (612)775-1273
Cell   (612)804-7324
larry.erdahl@allina.com
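
The per-host volume check discussed in this thread, as an added example that is not part of any poster's message: it counts outbound port 25 connections per source per minute from firewall log lines and flags any host other than the mail relays that exceeds a limit. The log format, relay address, threshold and sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Assumptions for this example: relay list, threshold and log format are made up.
MAIL_RELAYS = {"10.0.0.25"}   # hosts allowed to speak SMTP outbound
MAX_PER_MINUTE = 5            # connections per minute before a host is flagged

LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2} "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$"
)

def smtp_offenders(lines, relays=MAIL_RELAYS, limit=MAX_PER_MINUTE):
    """Return {src: peak connections per minute} for non-relay hosts that
    opened more than `limit` outbound port-25 connections in any one minute."""
    per_minute = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dpt"] != "25" or m["src"] in relays:
            continue  # unparsable, not SMTP, or an authorised relay
        per_minute[(m["src"], m["minute"])] += 1
    peaks = {}
    for (src, _minute), count in per_minute.items():
        if count > limit:
            peaks[src] = max(peaks.get(src, 0), count)
    return peaks

def build_sample_log():
    """Constructed sample: one mass-mailing laptop, one normal user, one relay."""
    log = []
    # 10.1.2.50 opens 12 SMTP connections to different servers within one minute
    for s in range(12):
        log.append(f"2005-10-12T09:00:{s:02d} SRC=10.1.2.50 DST=203.0.113.{s + 1} DPT=25")
    # 10.1.2.60 sends two mails and checks POP (port 110) once
    log.append("2005-10-12T09:00:05 SRC=10.1.2.60 DST=198.51.100.7 DPT=25")
    log.append("2005-10-12T09:00:40 SRC=10.1.2.60 DST=198.51.100.7 DPT=25")
    log.append("2005-10-12T09:00:41 SRC=10.1.2.60 DST=198.51.100.7 DPT=110")
    # the relay is busy but exempt from the check
    for s in range(20):
        log.append(f"2005-10-12T09:00:{s:02d} SRC=10.0.0.25 DST=192.0.2.{s + 1} DPT=25")
    return log

if __name__ == "__main__":
    for src, peak in sorted(smtp_offenders(build_sample_log()).items()):
        print(f"{src}: {peak} SMTP connections in one minute")
```

Setting `limit=0` turns the same function into a report of every workstation that contacts port 25 directly, which is the traffic a "port 25 only from the SMTP servers" firewall rule would drop.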


