ISP port blocking practice
Butch Evans
butche at butchevans.com
Fri Sep 3 16:10:09 UTC 2010
On Thu, 2010-09-02 at 23:08 -0500, Jack Bates wrote:
> He's right though. tcp/25 blocks are a hack. Easy man's way out.
Also, this can be a little problematic to end users.
> Honestly, it'd be nicer if edge or even core systems could easily handle
> higher level filtering for things like this. There's plenty of systems
> that watch traffic patterns and issue blocks based on those patterns.
I am not an ISP, but provide consulting services to ISPs. My approach
to this problem is somewhat more dynamic than simple blocking of
outbound port 25. Bear in mind, that I don't do much consulting for
companies that are transport for other ISPs (though I have a few of
those type clients). My approach is quite simple, but has been pretty
effective for those clients that are using it:
* Watch for outbound mail checking traffic (TCP/110, TCP 143, etc.) and
capture the server IPs these users are talking to
* Permit outbound SMTP coming FROM known mail servers inside the network
* Permit inbound SMTP going TO known mail servers inside the network
* Permit outbound SMTP going TO mail servers that our end users use the
CHECK their mail
* Log the IP of the end users trying to send outbound email via a server
that is NOT on the above list.
* Deny all other outbound SMTP
This method is nearly 100% effective in eliminating spam bots that are
currently the most common type. These spam bots originate smtp
connections direct to the MX for the list they are sending mail to.
This method is relatively problem free for the ISP once it is set up.
--
********************************************************************
* Butch Evans * Professional Network Consultation*
* http://www.butchevans.com/ * Network Engineering *
* http://store.wispgear.net/ * Wired or Wireless Networks *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! *
********************************************************************
More information about the NANOG
mailing list