Re: [fw-wiz] Pix 535 Logging

Have you thought about just blocking all outbound port 25 connections except for your authorized MX and mail servers? We did that at my company about a year back and eliminated the problem of infected machines flooding spam out from our network.

Just a thought,

David.

____________________________________________________

David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School

EC-Council Certified Ethical Hacker

A Cisco Systems, Inc., Certified Network Associate (CCNA)
and a CompTIA Network+ and Security+ Certified Professional


james.burns@xxxxxxxxxxxxxxxx 11/8/2006 5:50 am >>>
Hi,

I have a quick question regarding logging on a Pix 535.

We're currently getting a lot of CERT notifications for spammers
operating within our network - mainly just students with 0wned machines,
but we're looking into ways to automate the procedure slightly.

Anyway, what I'm looking to do, and what I need help with.... I want to
know if it's possible to log all outbound port 25 connection attempts,
EXCEPT those that come from our authorised MX's and mail servers. AND I
would like to be able to do this in addition to the normal logging that
takes place.

So, is it possible?

Any thoughts and guidance you can provide are very much appreciated.

Cheers,
James

--
James Burns

Network Advisor * Student & Learning Support
University of Sunderland



--
University of Sunderland - life-changing: see our new TV advert at
http://www.lifechangingsunderland.com or http://www.sunderland.ac.uk
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards






______________________________________________________

Founded in Faith - Preserved with Pride - Sustained by Spirit
______________________________________________________


Upcoming Events:
ALTER OPEN HOUSE
November 16
7 - 9 p.m.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: How many differences, categories?
    ... >> relocate the pattern by a process similar to the one we used to ... Network logic is counterintuitive. ... In theory the limit to the number of connections per node ... As Kauffman varied this connectivity parameter in his generic networks, ...
    (sci.cognitive)
  • Re: win XP Pro SP2 with latest RDP. Workgroup vs. domain
    ... I do not need to setup RDP port forwarding in the Belkin router. ... the firewall did have in the exceptions screen "Remote Desktop" ... think that the "Allow remote connections RDP" and/or having the firewall RDP ... for network connections. ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: [Fwd: Re: Mainframe not a good architecture for interactive was Re: What is the future of COBOL
    ... programmers do not understand the inner working of CICS and that CICS ... does not keep track of ALL terminals in a mainframe network. ... >> to a Web Server, this means that for an equal number of clients, a Web ... >>server is keeping track of 5 times the connections. ...
    (comp.lang.cobol)
  • Re: Problem for physicalist evolutionists
    ... does not a neural network make. ... potential to have an FPP, and the FPP will be some part of that ... along any of those network connections to "assemble" the picture. ...
    (talk.origins)
  • Re: Problem for physicalist evolutionists
    ... does not a neural network make. ... they do no need to communicate anything ... along any of those network connections to "assemble" the picture. ...
    (talk.origins)