nanog mailing list archives
Re: ingress SMTP
From: Alec Berry <alec.berry () restontech com>
Date: Wed, 03 Sep 2008 12:57:51 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Thomas wrote:
I think this all vastly underrates the agility of the bad guys. So lots of ISP's have blocked port 25. Has it made any appreciable difference? Not that I can tell. If you block port 25, they'll just use another port and a relay if necessary.
I'm pretty sure it has, although without aggregate stats from various ISPs it is hard to tell. Since mail transport is exclusively on port 25 (as opposed to mail submission), a bot cannot just hop to another port.
But the thing that's really pernicious about this sort of policy is that it's a back door policy for ISP's to clamp down on all outgoing ports in the name of "security".
I don't think ISPs have anything to gain by randomly blocking ports. They may block a port that is often used for malicious behavior (135-139, 194, 445, 1433, 3306 come to mind) as a way to reduce their support calls-- but they would have to balance that with the risk of loosing customers. It's not as much a slippery slope as much as it is a tightrope act (yes-- I am metaphorically challenged). ... alec - -- `____________ / Alec Berry \______________________________ | Senior Partner and Director of Technology \ | PGP/GPG key 0xE8E9030F | | http://alec.restontech.com/#PGP | |-------------------------------------------| | RestonTech, Ltd. | | http://www.restontech.com/ | | Phone: (703) 234-2914 | \___________________________________________/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIvsINREO1P+jpAw8RAvKNAKC83NJgwv4EakAv/jw5biO79D/xEwCgldZ+ JHkb3LboeAD2GC77vcb06Y4= =nfVP -----END PGP SIGNATURE-----
Current thread:
- Re: ingress SMTP, (continued)
- Re: ingress SMTP David Champion (Sep 04)
- Re: ingress SMTP Joel Jaeggli (Sep 10)
- Re: ingress SMTP Robert E. Seastrom (Sep 11)
- Re: ingress SMTP Bill Stewart (Sep 12)
- Re: ingress SMTP Mark Foster (Sep 12)
- Re: ingress SMTP Matthew Moyle-Croft (Sep 12)
- RE: ingress SMTP Frank Bulk (Sep 13)
- Re: ingress SMTP Matthew Moyle-Croft (Sep 13)
- Re: ingress SMTP Suresh Ramasubramanian (Sep 13)
- RE: ingress SMTP Frank Bulk (Sep 13)
- Re: ingress SMTP Alec Berry (Sep 03)
- Re: ingress SMTP Stephen Sprunk (Sep 03)
- Re: ingress SMTP Simon Waters (Sep 03)
- Re: ingress SMTP Justin Scott (Sep 03)
- Re: ingress SMTP Suresh Ramasubramanian (Sep 03)
- Re: ingress SMTP Daniel Senie (Sep 03)
- Re: ingress SMTP Chris Boyd (Sep 03)