[Modus] OT: Allowing SMTP on an ISP's Network + Nachi (Welchia) worm

[Jim Barstow]

Title: Message

When I had my ISP in operation in Michigan, I had it written into my AUS that users could not run "Mail, DNS, Web, or any other full-time server systems without express consent of the service provider".  This allowed us to charge users for running their own mail servers on our IP address range, and gave us the ability to shut them off (there was more words in there that stated that) if they abused it, so that we could show our providers that we had shut the user off.     Sr. Network Engineer Diversified Solutions and Services, Inc. 22645 Canal Road, Suite B Orange Beach, AL 36561 (251)980-8968 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike McTee Sent: Monday, December 15, 2003 3:28 PM To: [EMAIL PROTECTED] Subject: [Modus] OT: Allowing SMTP on an ISP's Network + Nachi (Welchia) worm This is an Off Topic post.  Due to the possibility of causing grief to some on this list with an Off Topic post’s sometimes excessive amount of responses, please reply to me in private with your policies, thoughts, or responses.  Also, this is really two questions in one e-mail, so it may generate more e-mails than most would want to see on the list anyway. J   1). As an ISP, what is the general consensus of allowing anyone (or everyone) to have the ability to have an SMTP server in operation on their machine while connected to the ISP’s network?   This question arises from time to time because we get complaints from various other people of spam being relayed from one of our IP Addresses and upon verifying who was using that IP Address at the time the relaying occurred, it comes back to dynamically assigned IP Address pools (both dialup and DSL).       2). As an ISP, what has everyone done to guard against bandwidth hogging infected machines (the latest seems to have been the Nachi or Welchia worm outbreak)?   A.      Did everyone choose to disable this by blocking those ports the worm uses (which incidentally blocks the ability to use ping and tracert as testing tools)? B.       Or, is there another way to do this that still lets us test across the network with ping and tracert?       Sincerely, Mike McTee Internet Systems Technician Eastex Net (www.eastex.net)