[c-nsp] What to do
Mohacsi Janos
mohacsi at niif.hu
Tue Jul 27 03:28:12 EDT 2004
On Mon, 26 Jul 2004, Jared Mauch wrote:
> I'm guessing the best things to do are as follows:
>
> 1) block SMTP service for hosts that don't need it,
> or redirect it to a local proxy smtp host.
> 2) impement SPF records and checks on your domains to take
> care of the spoofed e-mail problem (http://spf.pobox.com/)
> 3) Watch netflow statistics for increased traffic to
> google as well as increased smtp traffic from your 'customer base'.
> 4) stop using outlook
Additionaly to these block incoming 1034/TCP requests (the new Mydoom
variant installs bakdoor on this port) if you haven't done so yet.
Regards,
Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
>
> - jared
>
> On Mon, Jul 26, 2004 at 11:20:40AM -0700, Voll, Scott wrote:
>> What is everyone doing to help battle the W32.Mydoom.L at mm mass-mailing
>> worm that came out today?
>>
>> Scott
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> Jared Mauch | pgp key available via finger from jared at puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list