On Friday, June 21, 2013, Frank Gadegast  wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Suresh Ramasubramanian wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
and yes, outbound mail scanning is a widely recognized best practice<br>
</blockquote>
<br>
But this is in some countries or under some other regulations no option.</blockquote><div><br></div><div>Which is a pity of course.  However it remains a best practice and even in Germany there are ISPs who do filter outbound mail.   </div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
There is a much easier way of finding botted PCs dialing into your own network without having to scan outgoing mail.</blockquote><div><br></div><div>This wasn&#39;t anything about botted PCs ON that network.  It was about C2 for various bots running on collocated IP space leased by botmasters.</div>
<div> </div><div>As for the rest of it - there&#39;s RFC 6561 besides a ton of best practice documents on how to detect botted PCs on a network.</div><div><br></div><div>--srs<span></span></div><br><br>-- <br>--srs (iPad)<br>