nanog mailing list archives
Re: Providers removing blocks on port 135?
From: Margie <margie () mail-abuse org>
Date: Sat, 20 Sep 2003 16:33:15 -0700
--On Saturday, September 20, 2003 6:36 PM -0500 Andy Walden <andy () tigerteam net> wrote:
> Would this be a reference to the qmail-smtp-auth patch that recently was discovered, that if misconfigured, could allow incorrect relays?
No, that was the tip of the iceberg.
> If so, I would say that this was an isolated incident for a single patch for a specific MTA and only when it was misconfigured. I'm not sure I would describe that as "secure by normal mechanisms" nor quite the epidemic it was the first week or two.
We've seen the same behavior out of Postfix, QMail, Imail, Mdaemon, Exchange, Sendmail, Mercury, Merak, NTMail, and others that I can't recall off the top of my head. In some cases, the relaying was fixed with the release of a new patch or a conf change. In others, particularly Exchange, the guest account was enabled, allowing open authentication. The big "BUT" is that there is a not insignificant number of other machines that have either been shown to have been brute forced or we've yet to determine the mechanism that allows the relay. The problem is not small.
> I'm not necessarily making a statement one way or the other on port 25 filtering, but SMTP Auth, when properly configured and protected against brute force attacks is certainly a useful thing. YMMV of course.
Yes, it is a useful thing. It's not the ultimate answer. A machine that tests secure by any test we are willing to run, that requires fifteen character passwords, with multiple special characters required, that is STILL relaying indicates there is a bad thing happening somewhere.
-- Margie