[Dshield] Rise in UCE

John Hardin johnh at aproposretail.com
Tue Jan 6 19:54:31 GMT 2004


On Tue, 2004-01-06 at 11:31, BarkerJr wrote:
> > > Filter ALL incoming attachments (most are already doing this),  and of
> > > course if anyone's computer IS exploited,  to disconnect them
> > > immediately before any more damage can be done.    Of course,  this is
> > > very BAD medicine.
> >
> > Simple. ISP's should block outbound port 25 from dynamic IP ranges for
> > customers that haven't signed up for the "I have a clue" service level,
> > or for those who specifically request direct outbound email be enabled.
> 
> Not so simple.  At least a couple viruses I've seen in the past month were sent
> via the ISP's mail servers.

I believe it would address spam from hijacked boxes, though, as the ISP
would likely notice a volume increase if the spam were sent via the ISP
mail servers.

--
John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 If you smash a computer to bits with a mallet, that appears to count
 as encryption in the state of Nevada.
                                               - CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------




More information about the list mailing list