[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <FLEKIFICBHEGCHAICFAJGENNCOAA.fulldisclosure@mnbn.net>
From: fulldisclosure at mnbn.net (Matthew C. Beckman)
Subject: Backdoor not recognized by Kaspersky
> One ISP here in Israel, has tried to do something about
this.
> They block all TCP traffic on port 25 (bi di) except for
there own mail
> servers IP
This is happening in the United States as well. Late last
month, Charter Communications (*.charter.net), a cable
provider, began blocking outbound TCP port 25 (inbound is
blocked as well, but that may have been done earlier).
Notice wasn't given, or at least it didn't reach any
customers I talked to. All outgoing mail from within their
network must now go through their own SMTP server.
This isn't optimal since their mail is queued and has a 5
meg limit on file attachments. However, simply forwarding
TCP port 26 to 25 on the remote servers will take care of
that. Charter uses IP-authentication and doesn't
restrict/examine the headers that are sent, so you aren't
restricted too much. It can be quite a pain for those that
check their email with a laptop from multiple locations. At
home they can only send via Charter's SMTP server, however,
from outside the network, you have no access. This causes
quite a mess.
This does, however, allow Charter to raise a flag if
mass-mailings are being sent out, due to a spammer or worm,
and can block it from going out.
- Matthew C. Beckman
Powered by blists - more mailing lists