Open relays and open proxies

Jack Bates jbates at
Fri Apr 25 02:13:19 UTC 2003

Jeff Kell wrote:
> If we could somehow blackhole *only* SMTP inbound, that would be ideal, 
> but I feel that blackholing all IP from/to those sites would be far too 
> much collateral damage.

That's where the problem lies. We consider it inconvenient. Too often do 
we not take action because it would cause collateral damage. How many 
ISPs only warn their customers about worm/virus infection versus 
suspending the account until it is fixed? In the case of open proxies, 
the most highlighted damage is the sending of spam. However, these boxes 
can perform any server a hacker would like. To make it even nicer, there 
are dnsbl's out there to provide you a list of boxes that you can use to 
anonymize with. May not work with port 25, but how about port 80, 23, 
21, 110, etc?

The risk is real. We just choose to ignore it. It will come back to 
haunt us. Forget port 25 blocks. zap the whole IP.


More information about the NANOG mailing list