nanog mailing list archives
Re: RE: ISP port blocking practice
From: Joshua William Klubi <joshua.klubi () gmail com>
Date: Mon, 13 Sep 2010 19:10:09 +0000
Most of us tend to do only default settings,it would better if we dig better into our settings and apply stricter rules to enhance security Sent from my HTC HD2 on Android On 13 Sep 2010 13:55, "Brian Johnson" <bjohnson () drtel com> wrote:
Brian J.-----Original Message----- From: Ricky Beam [mailto:jfbeam () gmail com] Sent: Friday, September 03, 2010 9:30 PM To: Owen DeLong; Patrick W. Gilmore Cc: NANOG list Subject: Re: ISP port blocking practice On Fri, 03 Sep 2010 08:12:01 -0400, Owen DeLong <owen () delong com> wrote:Really? So, since so many ISPs are blocking port 25, there's lotslessspam hitting our networks?Less than there could be. It appears a lot less effective becausethereare so many ISPs not doing any blocking. Both of my residential connections are open, and always have been. (even dialup was unblocked. which I always found odd since the UUNET wholesale dialup agreement requires the RADIUS response contain a packet filter limiting port 25toyour mail server(s).) If I block port 25 on my network, no spam will originate from it. (probablly) The spammers will move on to a network that doesn't block their crap. As long as there are such open networks, spam will be rampant. If, overnight, every network filtered port 25, spam would all but disappear. But spam would not completely disappear -- it wouldjustbe coming from known mailservers :-) thus enters outbound scanning and the frustrated user complaints from poorly tuned systems... --RickyThis is what we (network admins) get paid to do! If we are running a server that is a security risk to the net, then we can't complain when it gets filtered. It is our job to do our due diligence and ensure our servers are not spam hot-beds or open relays (or other bad stuff, etc...). The port 25 blocking simply prevents the largest volume of hosts in an ISP network, the users, from being a spam delivery platform. - Brian CONFIDENTIALITY NOTICE: This email message, including any attachments, is
for the sole use of the
intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review,
copying, use, disclosure, or distribution is prohibited. If you are not
the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message. Thank you.
Current thread:
- Re: ISP port blocking practice, (continued)
- Re: ISP port blocking practice deleskie (Sep 06)
- Re: ISP port blocking practice Brett Frankenberger (Sep 06)
- Re: ISP port blocking practice Randy Bush (Sep 06)
- Re: ISP port blocking practice Suresh Ramasubramanian (Sep 06)
- Re: ISP port blocking practice Randy Bush (Sep 06)
- Re: ISP port blocking practice Suresh Ramasubramanian (Sep 06)
- Re: ISP port blocking practice Randy Bush (Sep 07)
- Re: ISP port blocking practice John Levine (Sep 09)
- Re: ISP port blocking practice Owen DeLong (Sep 05)
- RE: ISP port blocking practice Brian Johnson (Sep 13)
- Re: RE: ISP port blocking practice Joshua William Klubi (Sep 13)
- Re: ISP port blocking practice Franck Martin (Sep 02)
- Re: ISP port blocking practice Owen DeLong (Sep 03)