Using the router/modem to stop zombies

Posted: Wed Apr 16, 2008 1:11 pm
by bnelson
A lot of spam is sent by zombie PCs that have been hijacked by a virus or trojan. The owners have no idea their machines are infected. As many of you are aware, you can install firewalls and virus scanners to reduce your risk of this. However, many people don't do this. They're not tech savvy enough to keep their PCs safe.

I was thinking there needs to be a very simple solution that doesn't require PC configuration. Something that Grandma would have no problem using. I was wondering if there's a way the router could let you know when mail was being sent.

If the router were to beep every time it made an outbound connection to the mail port 25, the owner would be able to hear when unauthorized mail is being sent. If I heard a beep after I sent mail, I know that's from me and it's safe. But if the thing is beeping constantly 24 hours a day, I know I have an infected machine. Even Grandma is going to get tired of the beeping and call someone to take care of it.

This isn't really something for spamgourmet, but I was wondering what you guys thought of this idea.

Re: Using the router/modem to stop zombies

Posted: Thu Apr 17, 2008 6:08 am
by gourmet
A better solution is that the ISP automatically blocks spam. And that's just what they have done in Finland.

Posted: Sun Apr 20, 2008 12:39 am
by kevins10
There are already some routers vulnerable to attacks, and if this became common and spammers could find a vulnerability to gain admin access to the routers, they'd just add disabling the warnings to their malware. So this won't work. Plus, since there are already thousands of routers out there that don't do it, it's not a viable solution. You'd need everyone in the world to replace their routers.

Posted: Sun Apr 20, 2008 3:33 am
by gourmet
kevins10 wrote: There are already some routers vulnerable to attacks, and if this became common and spammers could find a vulnerability to gain admin access to the routers, they'd just add disabling the warnings to their malware.

So? That's why there are regular firmware updates, and security issues do get fixed. Also, the constant growth of the internet forces hardware to be replaced regularly.

Here is one reference:
http://stateofsecurity.com/?p=339

It's also important to turn unused control interfaces off and allow access from only one IP, which may actually be an IP that isn't occupied on that network at all. It can be an IP which is used only by the control terminal.

OK, I know, as long as there is some way to get in, it's not impossible, especially if the control interface is in the same physical LAN without VLAN support. But it's still hard, and for sure no random automated attack bot is getting through that. It'll require an experienced and motivated attacker.

Re: Using the router/modem to stop zombies

Posted: Thu May 22, 2008 2:37 am
by Paranoid2000
bnelson wrote: If the router were to beep every time it made an outbound connection to the mail port 25, the owner would be able to hear when unauthorized mail is being sent.
It's an interesting idea which could provide a useful warning of a compromised PC. The downside is it would involve some extra expense for router manufacturers in terms of adding a speaker and related circuitry - not much but every penny/cent counts in that business.

Posted: Sun Jun 08, 2008 11:19 pm
by SysKoll
The solution is simple: just like some Finnish and French ISPs, ISPs should set their routers so that their subscribers cannot connect to port 25 of any server except the ISP's mail server. That will go a long way to reducing spam.

Posted: Mon Jun 09, 2008 8:14 am
by Paranoid2000
SysKoll wrote: ISPs should set their routers so that their subscribers cannot connect to port 25 of any server except the ISP's mail server. That will go a long way to reducing spam.
Only if the ISP also imposes limits on emails sent per user - otherwise spamware could just use their server instead.

My ISP blocks port 25 by default but still ended up on a spam blocklist due to one subscriber bouncing (backscattering) their incoming spam.

Posted: Mon Jun 09, 2008 1:52 pm
by gourmet
Paranoid2000 wrote: Only if the ISP also imposes limits on emails sent per user - otherwise spamware could just use their server instead.

The rate is limited and all email goes through a spam check. If it's clearly spam or virus/malware stuff, then SMTP traffic will be completely halted.

In some cases they can restrict all network traffic if SYN flooding or malware/DoS attacks are detected. The network connection stays down until the customer contacts the ISP and it's confirmed that the system is free from serious crap.

It's illegal to harm other users or disturb network traffic.

Posted: Tue Jun 10, 2008 4:58 pm
by bnelson
I don't mean to imply that a beeping router would be the one great solution that would end all spam. But I think it could help identify infected systems.

My setup at home is 5 networked computers. Only one computer has an email reader and sends email. The rest either use webmail or don't send email at all. I wouldn't want the ISP or router to unilaterally block or permit port 25 traffic. I need port 25 to be enabled for the one computer, but I don't want the other 4 computers to be spam-sending zombies.

There have been times I've seen my router's transmission lights blinking and wondered what's going on. I've even gone so far as running a sniffer to see what the packets are. So far it's just been normal stuff like a program checking for updates. But I don't want to be a network admin all the time at home. If the router beeped when a corresponding email was sent, I'd know that's okay. But if it starts whistling like a tea kettle, I'd know there was an infected machine.

Posted: Thu Jun 12, 2008 6:03 am
by gourmet
bnelson wrote: I don't mean to imply that a beeping router would be the one great solution that would end all spam. But I think it could help identify infected systems.

How about reading system logs? I often find out that even if logging is on, nobody's reading those. And that's very, very common. I have logging on only for cases where something serious happens and we do need those logs. But by default, nobody's ever checking what's being logged. But that's life.

I have found out that security is a great joke. Nobody really cares, even though they should. And if I can't win them, I'm going to join them.
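The two ideas in this thread, bnelson's "one PC is allowed to talk SMTP, the other four are not" and gourmet's "just read the logs", combine into a small check that can run against a router's connection log instead of a beeper. The script below is an added example, not code from the thread or from spamgourmet: the log format (one line per new outbound TCP connection, "timestamp src_ip dst_ip dst_port"), the 192.168.1.x hosts, the documentation-range destinations and the 5-connections-per-10-minutes threshold are all constructed for illustration. It flags any LAN host that opens port 25 without being on the approved-sender list, and also applies a per-host rate limit to the approved senders, which is the same rule Paranoid2000 and gourmet describe the ISP applying per user.

```python
"""Flag home-network hosts whose outbound SMTP (port 25) traffic looks like a zombie.

Added example for the thread above; the log format and addresses are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a router's outbound connection log. Each line is
# "timestamp src_ip dst_ip dst_port" for one new outbound TCP connection.
# .10 and .11 are the PCs allowed to send mail directly; .12 only browses;
# .13 is an unapproved host that suddenly starts talking to mail servers.
SAMPLE_LOG = """\
2008-06-10T16:01:02 192.168.1.10 203.0.113.25 25
2008-06-10T16:01:05 192.168.1.12 198.51.100.7 80
2008-06-10T16:02:10 192.168.1.13 203.0.113.40 25
2008-06-10T16:02:11 192.168.1.13 203.0.113.41 25
2008-06-10T16:02:12 192.168.1.13 203.0.113.42 25
2008-06-10T16:09:30 192.168.1.10 203.0.113.25 25
2008-06-10T16:20:00 192.168.1.11 203.0.113.50 25
2008-06-10T16:20:01 192.168.1.11 203.0.113.51 25
2008-06-10T16:20:02 192.168.1.11 203.0.113.52 25
2008-06-10T16:20:03 192.168.1.11 203.0.113.53 25
2008-06-10T16:20:04 192.168.1.11 203.0.113.54 25
2008-06-10T16:20:05 192.168.1.11 203.0.113.55 25
2008-06-10T16:20:06 192.168.1.11 203.0.113.56 25
2008-06-10T16:25:00 192.168.1.12 198.51.100.9 443
"""

# Hosts permitted to open port 25 at all (bnelson's "the one computer with a mail reader").
MAIL_SENDERS = {"192.168.1.10", "192.168.1.11"}
# Even an approved sender is suspicious above this many port-25 connections per window.
RATE_WINDOW = timedelta(minutes=10)
RATE_LIMIT = 5


def parse_log(text):
    """Turn log text into (timestamp, src, dst, dport) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def smtp_connections(events):
    """Keep only connections to the SMTP port."""
    return [e for e in events if e[3] == 25]


def peak_rate(times, window):
    """Largest number of timestamps that fall inside any single sliding window."""
    times = sorted(times)
    peak, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def find_zombies(events, allowed=MAIL_SENDERS, window=RATE_WINDOW, limit=RATE_LIMIT):
    """Return {host: reason} for hosts whose outbound SMTP behaviour is suspicious."""
    per_host = defaultdict(list)
    for ts, src, _dst, _port in smtp_connections(events):
        per_host[src].append(ts)

    findings = {}
    for host, times in per_host.items():
        if host not in allowed:
            findings[host] = f"not an approved mail sender ({len(times)} port-25 connections)"
            continue
        peak = peak_rate(times, window)
        if peak > limit:
            minutes = int(window.total_seconds() // 60)
            findings[host] = f"{peak} port-25 connections within {minutes} minutes"
    return findings


if __name__ == "__main__":
    for host, reason in sorted(find_zombies(parse_log(SAMPLE_LOG)).items()):
        print(f"{host}: {reason}")
```

Run on the constructed log, the script reports 192.168.1.13 as an unapproved sender and 192.168.1.11 for a burst of seven connections, while the approved host that sent two messages ten minutes apart and the web-only host stay quiet. The approved-sender list is the piece that an ISP-wide port-25 block cannot give a household with one legitimate mail client among several PCs, and the rate rule catches the case Paranoid2000 raises, where malware on an approved machine simply relays through the permitted path.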