[NCSA-discuss] Finding an infected machine
chad.thomsen at gmail.com
Wed Feb 22 12:11:27 EST 2006
I agree with James and I would also set up an outbound filter on your firewall
to only allow ports absolutely needed to be open. Many folks leave the outbound
interface on a firewall wide open. Obviously you would crank the logging
way up for a while to see what that does. You may have to open some
application specific ports to keep your users happy. You might be surprised
at what you get when you do this.
On 2/22/06, Steven Champeon <schampeo at hesketh.com> wrote:
> on Wed, Feb 22, 2006 at 09:41:05AM -0500, James Hunt wrote:
> > By the way, have you looked in the headers of the spam and made sure
> > it's really your network's IP address? It'd be a shame to go through
> > all the hoops when it's just some spammer faking your domain name in the
> > reply address.
> ...though it'd be a good idea, /anyway/, to block outbound 25 /and log/
> such traffic, so you hear about it before AOL does in the likely event
> that one of your users does get infected.
> hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w:
> antispam news, solutions for sendmail, exim, postfix:
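An added example, not part of the original thread: one way to turn the "block outbound 25 and log" advice into a list of suspect hosts is to count blocked SMTP attempts per internal source in the firewall log. The netfilter-style log format, the `EGRESS-DENY:` prefix, the addresses and the allowed mail server below are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the only internal host allowed to send mail directly (constructed).
ALLOWED_SMTP_SENDERS = {"192.168.1.10"}

# Constructed sample lines in Linux netfilter LOG style; the prefix is hypothetical.
SAMPLE_LOG = """\
Feb 22 12:00:01 fw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=1044 DPT=25 SYN
Feb 22 12:00:02 fw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=25 SYN
Feb 22 12:00:02 fw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.99 PROTO=TCP SPT=1046 DPT=25 SYN
Feb 22 12:00:05 fw kernel: EGRESS-LOG: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=3301 DPT=25 SYN
Feb 22 12:00:09 fw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 PROTO=TCP SPT=2210 DPT=6667 SYN
Feb 22 12:00:11 fw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=2211 DPT=25 SYN
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return the KEY=value fields of one log line as a dict."""
    return dict(FIELD.findall(line))


def smtp_suspects(log_text, allowed=ALLOWED_SMTP_SENDERS):
    """List (source, attempts, distinct destinations) for outbound TCP/25
    traffic from hosts that are not authorised mail senders, busiest first."""
    attempts = Counter()
    destinations = {}
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # only SMTP attempts are of interest here
        src = fields.get("SRC")
        if src is None or src in allowed:
            continue  # malformed line, or the legitimate mail server
        attempts[src] += 1
        destinations.setdefault(src, set()).add(fields.get("DST"))
    return [(src, n, len(destinations[src])) for src, n in attempts.most_common()]


if __name__ == "__main__":
    for src, n, dsts in smtp_suspects(SAMPLE_LOG):
        print(f"{src}: {n} SMTP attempts to {dsts} distinct servers")
```

A workstation that contacts many different mail servers directly in a short window is the one to inspect first.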