  1. #1
    Join Date
    Sep 2001
    Location
    Vancouver
    Posts
    746

    Checking for spam with COLO clients

    Is there any way to check if any colo customers are sending spam? I have an Extreme Networks switch and want to know if there are any measures I can take to block spam traffic going out.

  2. #2
    Join Date
    Jan 2002
    Posts
    453
    Use Snort and sniff their traffic.

    To block ports, you need a firewall.

    Not sure you can do packet shaping with Extreme Networks... which one in particular?

  3. #3
    Join Date
    Oct 2002
    Posts
    122
    The best way to know is to make sure that someone trying to find out where to send the complaints can find you. When someone does a whois on the IP, make sure your name is on it. If they traceroute, make sure your routers have rDNS that points to you. Knowledgeable people will be able to trace you no matter what, but if you make it easy for ordinary people to find you, you've got a much better chance of finding out about a spam run much earlier. Have an abuse mailbox and read everything in it at least every hour or so. Register abuse reporting for their domains at abuse.net.

  4. #4
    Join Date
    Sep 2002
    Location
    Mansfield
    Posts
    314
    Make sure that a lookup on the IP will find you, and fast/easy.

    Respond as soon as possible, and I mean *RIGHT NOW* to complaints, offer a phone number too. Notify your upstream in writing with contact info and keep it current. Always have the abuse mailbox forwarded to the one you watch AND the support mailbox.

    Make it part of the TOS that you A) may shut the switch ports off without warning over complaints, B) require a fix ASAP and a response in writing in 24 hours or less to complaints, and C) they have a valid abuse & postmaster mailbox. Request a CC on the abuse one (can't hurt to ask).

    Using a transparent bridge, port 25 can be enabled per IP, and IP traffic watched for patterns.

    Offer cheap spam/virus filtering with smtproutes and watch the traffic w/ mrtg/something.

    Be brutal in your cutoffs, profuse in apologies and clear in your policies.

    Run rlytest on new customers.
    Run it on the whole IP block(s) frequently.

    Don't tolerate 2nd offenders. Ever.

    Last, but not least, learn how to run a mail server or get someone who does.
    GUI admin tools have no honor. It is a good day to vi.
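
Added example, not part of any post in this thread: one way to apply post #4's "port 25 enabled per IP, and IP traffic watched for patterns" to connection records captured on the bridge. The record format (`epoch src dst dst_port`), the address ranges, the allow-list and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values: documentation ranges stand in for the real colo block.
COLO_NET = ip_network("192.0.2.0/24")
SMTP_ALLOWED = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}  # port 25 enabled

def constructed_sample():
    """Constructed records, one per outbound TCP connection: epoch src dst dst_port."""
    lines = [
        "1000 192.0.2.10 198.51.100.5 25",   # allowed mail server, normal volume
        "1010 192.0.2.20 198.51.100.9 443",  # web traffic, ignored
        "1020 192.0.2.30 198.51.100.7 25",   # SMTP from an IP without port 25 enabled
    ]
    # An allowed IP that suddenly contacts 40 different mail servers in 40 seconds.
    lines += [f"{1200 + i} 192.0.2.11 203.0.113.{i + 1} 25" for i in range(40)]
    return lines

def smtp_report(lines, window=300, max_dests=20):
    """Return {src_ip: reason} for colo hosts with suspicious outbound SMTP."""
    dests = defaultdict(set)  # (src, time bucket) -> distinct destinations seen
    findings = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        src, dst = ip_address(src), ip_address(dst)
        # Only outbound SMTP leaving the colo block is of interest.
        if int(port) != 25 or src not in COLO_NET or dst in COLO_NET:
            continue
        if src not in SMTP_ALLOWED:
            findings[str(src)] = "port 25 not enabled for this IP"
            continue
        # Fixed buckets: a burst straddling two buckets can be undercounted.
        bucket = dests[(src, int(ts) // window)]
        bucket.add(dst)
        if len(bucket) > max_dests:
            findings[str(src)] = f"more than {max_dests} SMTP destinations in {window}s"
    return findings

if __name__ == "__main__":
    for ip, reason in smtp_report(constructed_sample()).items():
        print(ip, reason)
```
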

  5. #5
    Join Date
    Sep 2001
    Location
    Vancouver
    Posts
    746
    I use an Extreme Networks Summit 48 switch.
