Providers removing blocks on port 135?

Owen DeLong owen at delong.com
Sun Sep 21 17:04:06 UTC 2003


> My guess is that you haven't heard of the current issue with various
> servers running SMTP AUTH. These MTAs are secure by normal
> mechanisms, but are being made to relay spam anyway.
>
You're right.  It's been a while since I was last on the front lines
of this issue.

> It's hard enough to get mailservers secured when they are maintained
> by real sysadmins on static IPs with proper and informative PTR
> records. When the IP addresses sourcing the spam are moving targets,
> with "generic" PTR records, and the machines are being operated by
> end users with no knowledge that their computer is even capable of
> sending direct to MX mail, the situation is impossible to solve
> without ISP intervention via Port filtering, etc.
>
So, what you're saying is that a large number of easily compromised hosts
are the Root Cause.  While blocking port 25 traffic from these systems
is a convenient patch, it's not a solution to the root cause.  The solution
is to make the hosts less vulnerable.  One step towards doing that will
be to put real product liability on the vendor of the software and the
corporations running fleets of compromised systems.  Right now, Windows
owns the world and the hackers own Windows.  The only corporate wake-up
call that seems to get understood is one that comes from the legal
department.

>
>> If the person running the system in question chooses to do so, yes,
>> they should be able to do so.
>
> If the person running the system in question wants to run server
> class services, such as ftp, smtp, etc, then they need to get a
> compatible connection to the internet. There are residential service
> providers that allow static IP addressing, will provide rDNS, and
> allow all the servers you care to run.  They generally cost more than
> dial-ups or typical dynamic residential broadband connections.  As a
> rule, you tend to get what you pay for.
>
There are lots of different scenarios available.  The bottom line is still
that, while an effective workaround, blocking internet ports is not a solution
to the root cause of the problem.  When we decide that workarounds are
solutions, we only invite an arms race of escalating denial of services.
My concern is that we seem to have reached a place where we take for granted
the immutable vulnerability of systems and, therefore, don't seek to solve
the problem, but, instead decide to move from one workaround to the next.
I agree the workarounds are necessary for now, but, that doesn't mean we
should accept them as permanent solutions.  We should work to solve the
root cause of the problem as well.

Owen

> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Margie Arbon                   Mail Abuse Prevention System, LLC
> margie at mail-abuse.org          http://mail-abuse.org
>





More information about the NANOG mailing list