ingress SMTP

Alec Berry alec.berry at restontech.com
Wed Sep 3 11:57:51 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Thomas wrote:
> I think this all vastly underrates the agility of the bad guys. So
> lots of ISP's have blocked port 25. Has it made any appreciable
> difference? Not that I can tell. If you block port 25, they'll just
> use another port and a relay if necessary.

I'm pretty sure it has, although without aggregate stats from various
ISPs it is hard to tell. Since mail transport is exclusively on port 25
(as opposed to mail submission), a bot cannot just hop to another port.

> But the thing that's really pernicious about this sort of policy is
> that it's a back door policy for ISP's to clamp down on all outgoing
> ports in the name of "security".

I don't think ISPs have anything to gain by randomly blocking ports.
They may block a port that is often used for malicious behavior
(135-139, 194, 445, 1433, 3306 come to mind) as a way to reduce their
support calls-- but they would have to balance that with the risk of
losing customers. It's not as much a slippery slope as it is a
tightrope act (yes-- I am metaphorically challenged).

...
alec

- --
`____________
/ Alec Berry \______________________________
| Senior Partner and Director of Technology \
| PGP/GPG key 0xE8E9030F                    |
| http://alec.restontech.com/#PGP           |
|-------------------------------------------|
|             RestonTech, Ltd.              |
|        http://www.restontech.com/         |
|          Phone: (703) 234-2914            |
\___________________________________________/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIvsINREO1P+jpAw8RAvKNAKC83NJgwv4EakAv/jw5biO79D/xEwCgldZ+
JHkb3LboeAD2GC77vcb06Y4=
=nfVP
-----END PGP SIGNATURE-----



