Re: malware and spam control



"C." <colin.mckinnon@xxxxxxxxx> wrote in news:685875ba-9671-43dc-ad5a-e15d94f6a369@xxxxxxxxxxxxxxxxxxxxxxxxxxx:

On Nov 21, 10:25 pm, buck <b...@xxxxxxxxxxx> wrote:
Does anyone have experience with using iptables to control infected
M$ OS machines that get internet access by setting gateway to a Linux
box?

In my setup there is an access control list that uses nat and forward
rules to allow specific computers to access specified ports.  Where
the M$ computer employs effective software to prevent infection, that
computer is allowed to use port 25, otherwise it either is not allowed
any internet access at all or the port list does not include port 25.

What I'd like to do is to allow even unprotected machines but drop
when iptables sees abuse.  I prefer to use iptables only.

The main problem is in distinguishing between normal versus infected
activity.  Can anyone give examples, perhaps using "recent" matches,
that drop malware but allow normal activity?  Can it even be done?  Is
there A Better Way?
--
buck

Yes - don't use NAT/masquerading - use proper application proxies.  It's
a no-brainer to set up Sendmail or Postfix, Squid, leafnode et al.,
most of which already have hooks for policy management, automatically
detecting abuse and dynamically blocking access.

C.

I fail to see how a proxy is going to protect against a user who
blindly clicks OK for everything sent. Perhaps you could point me to a
mailing list, forum or newsgroup where I could get some pointers on
setting up Squid so it protects the network against malware?
--
buck
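As an added example that is not part of the thread, here is one way to build the "recent"-match rule set buck asks about: each LAN host may open only a limited number of new outbound port-25 connections per time window, and a host that exceeds it (the typical spam-bot pattern) is logged and dropped while it keeps trying. The inside interface eth1, the 60-second window and the 10-connection threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: throttle outbound SMTP per LAN host with
# the iptables "recent" module. A spam bot opens many port-25 connections in a
# short window; a real mail client opens a few. Interface name and thresholds
# are assumptions; adjust them for your network.

# build_smtp_guard IPT LAN_IF WINDOW_SECS HITS
#   IPT is the iptables binary (pass "echo" to preview the rules without applying).
build_smtp_guard() {
    ipt=$1; lan_if=$2; window=$3; hits=$4
    # Own chain so the rules can be rebuilt without touching the existing ACL.
    "$ipt" -N SMTP_GUARD 2>/dev/null || "$ipt" -F SMTP_GUARD
    # Record each NEW outbound SMTP connection under its LAN source address.
    # FORWARD runs before nat/POSTROUTING, so the pre-NAT LAN address is keyed.
    "$ipt" -A SMTP_GUARD -m conntrack --ctstate NEW -m recent --name smtp --set
    # A source whose count reaches HITS inside WINDOW is logged, then dropped.
    # --update refreshes the timestamp, so the block lasts while the host keeps trying.
    # Keep HITS <= 20 unless xt_recent is loaded with a larger ip_pkt_list_tot.
    "$ipt" -A SMTP_GUARD -m conntrack --ctstate NEW \
        -m recent --name smtp --update --seconds "$window" --hitcount "$hits" \
        -j LOG --log-prefix "SMTP_ABUSE: " --log-level 4
    "$ipt" -A SMTP_GUARD -m conntrack --ctstate NEW \
        -m recent --name smtp --update --seconds "$window" --hitcount "$hits" \
        -j DROP
    # Hook the chain in ahead of the ACL's port-25 accept rules
    # (delete any earlier jump first so reruns stay idempotent).
    "$ipt" -D FORWARD -i "$lan_if" -p tcp --dport 25 -j SMTP_GUARD 2>/dev/null
    "$ipt" -I FORWARD 1 -i "$lan_if" -p tcp --dport 25 -j SMTP_GUARD
}

# Show which LAN hosts the module is currently tracking (path depends on kernel).
show_smtp_offenders() {
    cat /proc/net/xt_recent/smtp 2>/dev/null || cat /proc/net/ipt_recent/smtp
}

# Preview by default; apply for real with "--apply" as root.
if [ "${1:-}" = "--apply" ]; then
    build_smtp_guard iptables eth1 60 10
else
    build_smtp_guard echo eth1 60 10
fi
```

Protected machines can keep their unconditional port-25 accept rules ahead of the jump if you want to exempt them; everything else gets throttled rather than blocked outright.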
