nanog mailing list archives
Re: Time to check the rate limits on your mail servers
From: Jason Frisvold <xenophage0 () gmail com>
Date: Thu, 3 Feb 2005 12:16:41 -0500
On Thu, 03 Feb 2005 17:54:28 +0200, Gadi Evron <ge () linuxbox org> wrote:
Still, please tell me, how is not blocking un-used or un-necessary ports a bad thing? It is a defensive measure much like you'd add barricades before an attack.
Agreed. And depending on your service, there are different ports worth blocking. For residential users, I can't see a reason to not block something like Netbios. And blocking port 25 effectively prevents zombies from spamming. Unfortunately, it also blocks legitimate users from being able to use SMTP AUTH on a remote server..
They now evolved, and are using user-credentials and ISP-servers. This evolution means that their capabilities are severely decreased, at least potentially.
Has this been confirmed? Does this new worm, in fact, use SMTP AUTH where necessary? Will it also check the port that the user's computer is set to send mail on? So, for instance, if SMTP AUTH is required, and the mail submission port is being used rather than standard port 25, will the worm detect all this? The nice part about SMTP AUTH, though, is that there is at least a direct link to the user sending the spam. This means, of course, that ISP's will need to police their users a little better.. :)
It means ISP's will have to re-think their strategies, just like AOL did. It also means it's once small step to victory for us. We are a long way from it, and please - not everybody blocks port 25 so current-day worms are more than efficient still.
So I guess users will have to stop clicking that "Save Password" button... That is, until the worm records the keystrokes when the password is entered... *sigh*
Gadi.
-- Jason 'XenoPhage' Frisvold XenoPhage0 () gmail com
Current thread:
- Re: Time to check the rate limits on your mail servers, (continued)
- Re: Time to check the rate limits on your mail servers Rich Kulawiec (Feb 03)
- Re: Time to check the rate limits on your mail servers Gadi Evron (Feb 03)
- Re: Time to check the rate limits on your mail servers Raymond Dijkxhoorn (Feb 03)
- Re: Time to check the rate limits on your mail servers Gadi Evron (Feb 03)
- Re: Time to check the rate limits on your mail servers Raymond Dijkxhoorn (Feb 03)
- Re: Time to check the rate limits on your mail servers Gadi Evron (Feb 03)
- Re: Time to check the rate limits on your mail servers Michael . Dillon (Feb 03)
- Re: Time to check the rate limits on your mail servers Scott Weeks (Feb 03)
- Re: Time to check the rate limits on your mail servers Raymond Dijkxhoorn (Feb 03)
- Re: Time to check the rate limits on your mail servers Jørgen Hovland (Feb 03)
- Re: Time to check the rate limits on your mail servers Gadi Evron (Feb 03)
- Re: Time to check the rate limits on your mail servers Jason Frisvold (Feb 03)
- Re: Time to check the rate limits on your mail servers Valdis . Kletnieks (Feb 03)
- Re: Time to check the rate limits on your mail servers Jason Frisvold (Feb 03)
- Re: Time to check the rate limits on your mail servers Todd Vierling (Feb 03)
- Re: Time to check the rate limits on your mail servers Nils Ketelsen (Feb 03)
- Re: Time to check the rate limits on your mail servers Petri Helenius (Feb 03)
- Re: Time to check the rate limits on your mail servers Rich Kulawiec (Feb 03)
- Re: Time to check the rate limits on your mail servers Andy Johnson (Feb 03)
- Re: Time to check the rate limits on your mail servers Jørgen Hovland (Feb 03)
- Re: Time to check the rate limits on your mail servers Edward B. Dreger (Feb 03)
- Re: Time to check the rate limits on your mail servers Nanog List (Feb 03)