Time to check the rate limits on your mail servers

Gadi Evron ge at linuxbox.org
Thu Feb 3 15:54:28 UTC 2005


> Hello
> I am a bit concerned that blocking any port at all preventing abuse of 
> the affected service will make the abusers go through other services 
> instead.  Port 139/445 is already blocked by several isps due to 
> excessive abuse or I believe they call it 'a security measurement'. Even 
> port 23 has been blocked (inbound and outbound) by at least 1 large isp I 
> am aware of. When that mssql worm was lurking around isps were also 
> blocking that port. I hope I'm not the only one seeing a pattern here. 
> Really, blocking ports makes no sense to me in the long run. You are 
> destroying the service, and even if you block all ports there are 
> several ways to spam anyway. You would probably reply now saying that 
> "yeah but you get rid of 99% of the spammers that way". That is only 
> partly true. As time goes on all spammers will adapt to your isps new 
> "security policy" and if you still don't see the pattern I am talking 
> about now there is nothing more I can say. I don't have the solution to 
> all of this, but I sure know how to see what is not the solution. Teach 
> people how to write "Hello world" better perhaps.

I quite agree, blocking ports is not the best answer, as it is a 
self-inflicted-DDoS.

Still, please tell me, how is not blocking unused or unnecessary ports 
a bad thing? It is a defensive measure much like you'd add barricades 
before an attack.

The Internet is a war zone, but I don't have to tell the NANOG community 
that.

Thing is, blocking port 25 won't cause spam to stop, there is no FUSSP 
solution. Yet, we all recognize that SMTP is far from perfect.

And indeed, as others here are more qualified than me, by far, to tell 
you, most development in anti-spam technology only helped short-term, 
and caused the bad guys to evolve. Well, why is blocking port 25 
different? See for yourself.

They now evolved, and are using user-credentials and ISP-servers. This 
evolution means that their capabilities are severely decreased, at least 
potentially.

This is the best next thing after dark Irish stout and ketchup.

It means ISPs will have to re-think their strategies, just like AOL 
did. It also means it's one small step to victory for us. We are a long 
way from it, and please - not everybody blocks port 25 so current-day 
worms are more than efficient still.

It is nice to see fore thinking and long-term planning with the bad 
guys, where all we can do is disagree.

	Gadi.


