
North American Network Operators Group
Re: Time to check the rate limits on your mail servers
- From: Gadi Evron
- Date: Thu Feb 03 10:56:19 2005
Hello
> I am a bit concerned that blocking any port at all preventing abuse of
> the affected service will make the abusers go through other services
> instead. Port 139/445 is already blocked by several ISPs due to
> excessive abuse or I believe they call it 'a security measurement'. Even
> port 23 has been blocked (inbound and outbound) by at least 1 large ISP I
> am aware of. When that mssql worm was lurking around ISPs were also
> blocking that port. I hope I'm not the only one seeing a pattern here.
> Really, blocking ports makes no sense to me in the long run. You are
> destroying the service, and even if you block all ports there are
> several ways to spam anyway. You would probably reply now saying that
> "yeah but you get rid of 99% of the spammers that way". That is only
> partly true. As time goes on all spammers will adapt to your ISP's new
> "security policy" and if you still don't see the pattern I am talking
> about now there is nothing more I can say. I don't have the solution to
> all of this, but I sure know how to see what is not the solution. Teach
> people how to write "Hello world" better perhaps.

I quite agree, blocking ports is not the best answer, as it is a
self-inflicted-DDoS.

Still, please tell me, how is not blocking un-used or un-necessary ports
a bad thing? It is a defensive measure much like you'd add barricades
before an attack.

The Internet is a war zone, but I don't have to tell the NANOG community
that.

Thing is, blocking port 25 won't cause spam to stop, there is no FUSSP
solution. Yet, we all recognize that SMTP is far from perfect.

And indeed, as others here are more qualified than me, by far, to tell
you, most development in anti-spam technology only helped short-term,
and caused the bad guys to evolve. Well, why is blocking port 25
different? See for yourself.

They now evolved, and are using user-credentials and ISP-servers. This
evolution means that their capabilities are severely decreased, at least
potentially.

This is the best next thing after dark Irish stout and ketchup.

It means ISPs will have to re-think their strategies, just like AOL
did. It also means it's one small step to victory for us. We are a long
way from it, and please - not everybody blocks port 25 so current-day
worms are more than efficient still.

It is nice to see forethinking and long-term planning with the bad
guys, where all we can do is disagree.

Gadi.