[sdnog] Network Full with malicious activities
Frank Habicht
geier at geier.ne.tz
Fri Nov 23 08:40:46 SAST 2018
On 22/11/2018 16:36, Philip Paeps wrote:
> You should also restrict outbound traffic to port 25 to your
> designated mail relays. Hosts inside your network should relay mail
> through those relays or use submission (TCP/587 or (better)
> TCP/465).
and you should not just block the packets outgoing to port tcp:25
(except to designated relays), but also log that activity. This will
help you find the origin: the bad guys (machines) on your network.
Frank
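
An added example, not part of the original message: one way to use the logged drops suggested above to rank internal hosts by blocked direct SMTP attempts. It assumes the firewall writes Linux netfilter LOG-style lines; the `SMTP-OUT-DROP: ` prefix, the relay addresses and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the designated mail relays (constructed documentation addresses).
RELAYS = {"192.0.2.25", "192.0.2.26"}

# Constructed sample in netfilter LOG format; the prefix is an assumed log prefix.
SAMPLE_LOG = """\
Nov 23 08:01:02 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=10.0.5.17 DST=203.0.113.9 PROTO=TCP SPT=50122 DPT=25 SYN
Nov 23 08:01:03 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=10.0.5.17 DST=198.51.100.44 PROTO=TCP SPT=50123 DPT=25 SYN
Nov 23 08:01:09 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=10.0.8.40 DST=203.0.113.9 PROTO=TCP SPT=41200 DPT=25 SYN
Nov 23 08:01:11 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=10.0.5.17 DST=203.0.113.9 PROTO=TCP SPT=50130 DPT=25 SYN
Nov 23 08:02:00 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=10.0.2.3 DST=192.0.2.25 PROTO=TCP SPT=39001 DPT=25 SYN
Nov 23 08:02:05 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=10.0.2.3 DST=198.51.100.7 PROTO=TCP SPT=39002 DPT=587 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def parse(line):
    """Return the KEY=value fields of one LOG line as a dict."""
    return dict(FIELD.findall(line))


def smtp_offenders(log_text, relays=RELAYS):
    """Count port-25 attempts to non-relay destinations per source address.

    Returns {src: (attempts, distinct_destinations)}, busiest source first.
    """
    attempts, dests = Counter(), {}
    for line in log_text.splitlines():
        f = parse(line)
        src, dst = f.get("SRC"), f.get("DST")
        if src is None or dst is None:
            continue  # not a packet log line
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue  # submission (587/465) and other traffic is out of scope
        if dst in relays:
            continue  # mail handed to a designated relay is the allowed path
        attempts[src] += 1
        dests.setdefault(src, set()).add(dst)
    return {s: (n, len(dests[s])) for s, n in attempts.most_common()}


if __name__ == "__main__":
    for src, (n, d) in smtp_offenders(SAMPLE_LOG).items():
        print(f"{src}: {n} blocked SMTP attempts to {d} destinations")
```

A host that shows many attempts spread over many distinct destinations is the first one to inspect.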