4 Feb 00:27
Re: New types of Trojans coming
R A Lichtensteiger <rali <at> Tifosi.com>
2005-02-03 23:27:33 GMT
2005-02-03 23:27:33 GMT
Dallman Ross wrote: <> http://news.zdnet.com/2100-1009_22-5560664.html <> <> Precis: Spam levels expected to rise with suddenness <> soon, as blacklists become less effective. The "trick" of sending out spam via the hosts' legitimate mail relays has been seen in the wild for about 18 months now. It's not new, just new to the media :-/ (AOL reported seeing it that long ago, anyway) There are a number of fixes, of course: 1a. Separate your outgoing relays from your inbound MX hosts. Some of the trojans do a PTR lookup on their address, then an MX query on the forward zone. 1b. Configure your MX hosts to not accept mail from INSIDE your network and configure your outbound relays to not accept mail from OUTSIDE your network. 2. Enable SMTP AUTH 3. Implement rate limiting on outbound email The thing that seems to be overlooked about this spammer trick is that it puts the cost exactly where it ought to be -- if your network tolerates zombie hosts and spammers, then YOUR relays get hammered, not mine (well, at least yours get hit before mine do). Finally, some motivation for companies like comcast and verizon to clean up their acts. Reto, not too unhappy -- -- R A Lichtensteiger rali <at> tifosi.com "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." - Some Smart Guy
RSS Feed