Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Backdoor not recognized by Kaspersky
From: "Matthew C. Beckman" <fulldisclosure () mnbn net>
Date: Thu, 4 Mar 2004 03:14:33 -0600

One ISP here in Israel, has tried to do something about
this.
They block all TCP traffic on port 25 (bi di) except for
there own mail
servers IP

This is happening in the United States as well.  Late last
month, Charter Communications (*.charter.net), a cable
provider, began blocking outbound TCP port 25 (inbound is
blocked as well, but that may have been done earlier).
Notice wasn't given, or at least it didn't reach any
customers I talked to.  All outgoing mail from within their
network must now go through their own SMTP server.

This isn't optimal since their mail is queued and has a 5
meg limit on file attachments.  However, simply forwarding
TCP port 26 to 25 on the remote servers will take care of
that.  Charter uses IP-authentication and doesn't
restrict/examine the headers that are sent, so you aren't
restricted too much.  It can be quite a pain for those that
check their email with a laptop from multiple locations.  At
home they can only send via Charter's SMTP server, however,
from outside the network, you have no access.  This causes
quite a mess.

This does, however, allow Charter to raise a flag if
mass-mailings are being sent out, due to a spammer or worm,
and can block it from going out.

- Matthew C. Beckman

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault