nanog mailing list archives
Re: botted hosts
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Mon, 4 Apr 2005 11:13:00 +0530
On Apr 4, 2005 10:40 AM, Sean Donelan <sean () donelan com> wrote:
> Why does anyone accept SMTP connections from known "dynamically assigned" addresses? DUL, QIL, etc should drop all those connections on the floor.
Consider, if you will, the UNKNOWN dynamic IP ranges.
Neither DUL, nor SORBS DUHL, nor the several other lesser known variants can claim to do even a fraction of a perfect job - and providers who do stuff like happily mix static IP and dynamic IP netblocks, maintain vague or inconstant rDNS or even no rDNS at all for these, etc don't help at all, leading to the usual funny situation of someone's static IP DSL getting blocked as dynamic [but that's another story altogether].
And even with port 25 filtering, if it is one way only, people can use so-called triangular routing to spoof IP packets, using botnet controlled hosts on dialups, and a master control center with a fat pipe + spamware, and a bank of POTS lines. Port 25 both ways, and then uRPF to stop source address spoofing ..
> Does port 25 blocking actually make a difference? Any public data from before and after? Or does it just annoy people, cause problems and not fix anything?
The last time this thread came up on nanog (I think you were the one to ask this question then as well) I do believe people came up to say "yes, it does make a difference".
That said, Joe St.Sauver put it fairly well in his presentation at MAAWG San Diego, when he said it is cough sirup for lung cancer, and what you need along with the cough sirup of port 25 filtering, is some stronger measures to locate and take down botted hosts, which of course can be used for nastier things (DDoS botnets for example) as well, things that do just fine without port 25.
-srs
--
Suresh Ramasubramanian (ops.lists () gmail com)