Open relays and open proxies
jbates at brightok.net
Fri Apr 25 02:13:19 UTC 2003
Jeff Kell wrote:
> If we could somehow blackhole *only* SMTP inbound, that would be ideal,
> but I feel that blackholing all IP from/to those sites would be far too
> much collateral damage.
That's where the problem lies. We consider it inconvenient. Too often do
we not take action because it would cause collateral damage. How many
ISPs only warn their customers about worm/virus infection versus
suspending the account until it is fixed? In the case of open proxies,
the most highlighted damage is the sending of spam. However, these boxes
can perform any server a hacker would like. To make it even nicer, there
are dnsbl's out there to provide you a list of boxes that you can use to
anonymize with. May not work with port 25, but how about port 80, 23,
21, 110, etc?
The risk is real. We just choose to ignore it. It will come back to
haunt us. Forget port 25 blocks. zap the whole IP.
More information about the NANOG