
Re: creating DNSBL for blocking email virus, need suggestion

Subject: Re: creating DNSBL for blocking email virus, need suggestion
Date: Sun, 21 Nov 2004 08:35:10 -0600
On Sat, 2004-11-13 at 12:10 +0700, Markus wrote:
> What if the computer that is infected by a virus and sends virus email is
> in a network/LAN? The LAN server's public IP will be blocked, and then
> all computers in that network can't send email to my school network.
> Can we know the local IP 198.x.x.x for that computer?


You're right. But blocking 1918 addresses isn't a solution either, since
many networks use those same addresses for their internal hosts. About
all you can do is pick a pain point and decide when too many infected
mails come from a given server, then block it. Further, individual user
systems shouldn't be sending out email. All email from a network should
go through a central server so that it can be scanned. Allowing users to
send email directly from their systems and/or not scanning outgoing mail
is sloppy administration and lax security, almost to the point of
criminality IMO.

> How long do you think an IP should remain in the blacklist? Because the
> blacklist can't know if the infected computer was already cleaned by its
> user/admin.

I'd really suggest that you use some of the free RBLs out there. They
have automated systems that let admins submit removal requests when they
get their network cleaned up.

A good source for these is openrbl.org.

Rob.
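
An added example, not part of the original message: a sketch of the policy discussed in this reply, listing a sending server once too many infected mails arrive from it and letting the listing expire after the infections stop. The threshold, window and expiry defaults, the class and function names, and the zone `dnsbl.example.org` are assumptions; the sample addresses are constructed.

```python
import ipaddress
from collections import defaultdict, deque

# RFC 1918 ranges: reused on many LANs, so they cannot identify one sender.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class LocalBlocklist:
    """Lists a sending server once it relays too many infected mails."""

    # Defaults are assumed policy values, not figures from the thread.
    def __init__(self, threshold=5, window=3600, ttl=86400):
        self.threshold = threshold    # infected mails that trigger a listing
        self.window = window          # seconds over which they are counted
        self.ttl = ttl                # seconds a listing outlives the last hit
        self.hits = defaultdict(deque)   # ip -> times of recent infected mails
        self.listed_until = {}           # ip -> expiry time of the listing

    def is_listed(self, ip, now):
        """True while the listing is active; an expired one is dropped."""
        expiry = self.listed_until.get(ip)
        if expiry is not None and now >= expiry:
            del self.listed_until[ip]
        return ip in self.listed_until

    def report_infected(self, ip, now):
        """Record an infected mail from `ip` at `now`; return listing state."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in RFC1918):
            return False              # never list a private address
        listed = self.is_listed(ip, now)
        recent = self.hits[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()          # forget hits older than the window
        if listed or len(recent) >= self.threshold:
            # New listing, or a listed server still sending: renew the expiry.
            self.listed_until[ip] = now + self.ttl
        return ip in self.listed_until


def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone
```

Because every infected mail from a listed server renews the expiry, a cleaned-up network drops off the list on its own after `ttl` seconds without needing a removal request.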
