Re: OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)
On Sat, 10 Apr 2004 08:45, Pulu 'Anau <pulu@afe.to> wrote:
> To kind of get back to the ISP world a little bit, has anyone used this in
> the way that's being recommended? (Using the OS Fingerprint Netfilter
> patch to block Windows machines sending to port 25).
>
> We're currently getting slammed by Windows viruses and have thought about
> doing exactly that, but it seemed to us that there are enough people using
> Exchange or Sendmail.com's windows sendmail (let alone ftgate, etc, etc.)
> that doing this would block legitimate mail almost instantly.
Is there any legit mail server software for Win98? If not then you can
permanently block it.
For NT (XP etc) you could allow every fourth day for receiving mail. Mail is
generally queued for four days before being bounced, so if you only accept
mail from NT machines every fourth day then you lose 75% of the spam and
viruses because spam proxies and viruses generally don't re-try. Legit mail
servers will keep trying until you let them through.
Avoiding 75% of the spam and viruses isn't a solution to the problem, but it's
a good start...
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: