william(at)elan.net wrote:
On Fri, 2 Mar 2007, Steve Atkins wrote:
On Mar 2, 2007, at 4:01 PM, <gep2(_at_)terabites(_dot_)com> wrote:
[snip story of "my customer is an idiot with their mailserver and
their virus farm NATted to the same IP address"]
Dammit, people, we keep going back to what color fabric we're going
to use to upholster the "whack-a-mole" mallet, rather than coming up
with a real SOLUTION for this problem...!!! :-((
The main problem in this case is NATs, and the clueless consultants
who specify and deploy them. The solution is to not put critical
services behind them.
And/or certainly not share them with vulnerable desktops. And restrict
port 25 outbound from the NAT except from machines intended to send
email. Don't share business critical infrastructure with desktops,
because you're at the mercy of what they do.
When an IP acts like a bot, one must expect it to be treated as one.
We don't have a choice.
It also strikes me as odd that an XBL hit would present much of a
problem for more than the first hour or two after it was discovered.
Presuming it was a CBL listing, those can be self-removed, and they take
effect fairly quickly.
You may be forgetting clueless IT managers that force use of NAT as a
policy in some organizations. Even more, it may be defined by
circumstances and type of router and internet connection they have. Plus
such organizations need something done and quickly and don't care
if some consultant says they should not be using NAT - the question
asked, can you do it or not?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
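
The advice in the thread above, to restrict port 25 outbound from the NAT to the machines intended to send email, can be audited from gateway flow logs. The following is an added example, not part of the original thread; the log format, the addresses and the names `ALLOWED_SENDERS` and `INTERNAL_NET` are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the only internal host allowed to speak SMTP to the outside.
ALLOWED_SENDERS = {ipaddress.ip_address("10.0.0.25")}
# Assumption: the address range that sits behind the NAT.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")

# Constructed sample of NAT gateway flow records (hypothetical format).
SAMPLE_LOG = """\
2007-03-02T16:01:10 SRC=10.0.0.25 DST=192.0.2.7 PROTO=TCP DPT=25
2007-03-02T16:01:11 SRC=10.0.0.41 DST=198.51.100.9 PROTO=TCP DPT=25
2007-03-02T16:01:11 SRC=10.0.0.41 DST=203.0.113.4 PROTO=TCP DPT=25
2007-03-02T16:01:12 SRC=10.0.0.41 DST=203.0.113.80 PROTO=TCP DPT=80
2007-03-02T16:01:13 SRC=10.0.0.57 DST=198.51.100.9 PROTO=UDP DPT=25
2007-03-02T16:01:14 SRC=10.0.0.25 DST=10.0.0.41 PROTO=TCP DPT=25
garbage line that should be skipped
"""

FLOW_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)


def unauthorized_smtp_sources(log_text):
    """Count outbound TCP/25 flows per internal host not in ALLOWED_SENDERS."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m or m["proto"] != "TCP" or m["dpt"] != "25":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field
        # Only flows that leave the internal network cross the NAT.
        outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
        if outbound and src not in ALLOWED_SENDERS:
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for host, count in unauthorized_smtp_sources(SAMPLE_LOG).items():
        print(f"{host}: {count} outbound SMTP flow(s); block at the NAT, inspect host")
```

Any host this reports is a desktop sending mail directly through the shared address, which is the behaviour that gets the mail server's IP listed.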