nanog mailing list archives
Re: Providers removing blocks on port 135?
From: Richard Cox <Richard () mandarin com>
Date: Sat, 20 Sep 2003 23:46:40 +0100
On Sat, 20 Sep 2003 15:05:08 -0700 Owen DeLong <owen () delong com> wrote:

| I'm not convinced blocking port 25 on dialups helps much with that.
| What it does help with is preventing them from connecting to open
| relays.

There are so few open relays now that spammers have moved on. They now use, almost without exception, compromised Windows boxes acting as open proxies, or on which a trojan spam-sender of some sort has been installed - usually by one of the recent stream of viruses/worms.

Blocking outbound port 25, other than via a designated smarthost, would at least prevent the direct-to-MX traffic from compromised boxes - which currently seems to be the spammers' "method of choice".

| The real solution in the long run will be two-fold:
| 1. Internet hosts need to become less penetrable.
|    (or at least one particular brand of software)
|
| 2. SMTP AUTH will need to become more widespread and end-to-endish.

Right on both counts. But "end-to-end" may have to include the senders' fingers: as if bundled mail-client software contains the AUTH password it will be trivial for the spammers to hijack at the client level. And users won't like having to key in their password each time, meaning that trivial, guessable passwords will often be used. In recent weeks one particular spammer seems to have perfected a knack of breaking SMTP AUTH passwords on a widespread basis.

Governments on both sides of the Pond may be reluctant to make spam illegal, but the issue is not spam (or we couldn't be discussing it here). This is a matter of system and network security, and if law enforcement had the skills, resources and motivation to deal with what are clear breaches of existing laws, admins' jobs would be significantly easier.

Until then, we have to deal with issues as they arise. Networks need to be contactable quickly when compromised sites start to be misused, and to respond immediately. Not just wait until "Monday Morning" in their timezone ... if we can't deal with the incidents in real time, how can we expect law enforcement to do anything?

Hello Comcast, Skynet, Ireland-onLine, NTL in the UK ... need I go on?

Where's Declan McC when we need him?

--
Richard
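
The egress policy discussed in the message above (outbound port 25 permitted only to a designated smarthost), as an added example that is not part of the original post: a Python check that reads flow records and lists customer hosts speaking SMTP directly to outside mail servers. The address ranges, smarthost address, record format and threshold are assumptions, and the flow lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed values (RFC 5737 documentation ranges), not taken from the post.
CUSTOMER_POOL = ipaddress.ip_network("192.0.2.0/24")  # dial-up address pool
SMARTHOSTS = {ipaddress.ip_address("198.51.100.25")}  # designated relay
THRESHOLD = 3  # distinct outside mail servers before a host is flagged

# Constructed flow records: "epoch src dst dport"
SAMPLE_FLOWS = """\
1064098000 192.0.2.10 198.51.100.25 25
1064098001 192.0.2.10 203.0.113.5 443
1064098002 192.0.2.77 203.0.113.10 25
1064098003 192.0.2.77 203.0.113.11 25
1064098004 192.0.2.77 203.0.113.12 25
1064098005 192.0.2.77 203.0.113.10 25
1064098006 192.0.2.40 203.0.113.10 25
1064098007 198.51.100.25 203.0.113.10 25
truncated-record 192.0.2.77
"""

def violates_policy(src, dst, dport):
    """True if a flow is customer SMTP that bypasses the smarthost."""
    return dport == 25 and src in CUSTOMER_POOL and dst not in SMARTHOSTS

def direct_to_mx(flow_text):
    """Map each customer IP to the outside servers it reached on port 25."""
    seen = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed or truncated record
        try:
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
            dport = int(fields[3])
        except ValueError:
            continue  # unparseable address or port
        if violates_policy(src, dst, dport):
            seen[str(src)].add(str(dst))
    return dict(seen)

def suspects(flow_text, threshold=THRESHOLD):
    """Customer IPs that contacted at least `threshold` distinct servers."""
    hits = direct_to_mx(flow_text)
    return sorted(ip for ip, dsts in hits.items() if len(dsts) >= threshold)

if __name__ == "__main__":
    for ip in suspects(SAMPLE_FLOWS):
        print(ip, sorted(direct_to_mx(SAMPLE_FLOWS)[ip]))
```

The threshold separates a customer who sends through one outside mail server from a host fanning out to many, which is the pattern a trojan spam-sender produces.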