ISP port blocking practice

deleskie at gmail.com deleskie at gmail.com
Mon Sep 6 17:38:15 CDT 2010


Having worked in past @ 3 large ISPs with residential customer pools I can tell you we saw a very direct drop in spam issues when we blocked port 25.

-jim
Sent from my BlackBerry device on the Rogers Wireless Network

-----Original Message-----
From: "Patrick W. Gilmore" <patrick at ianai.net>
Date: Mon, 6 Sep 2010 17:54:49 
To: NANOG list<nanog at nanog.org>
Subject: Re: ISP port blocking practice

On Sep 6, 2010, at 9:22 AM, Brett Frankenberger wrote:
> On Sun, Sep 05, 2010 at 09:18:54PM -0400, Jon Lewis wrote:
>> 

>> Getting rid of the vast majority of open relays and open proxies didn't  
>> solve the spam problem, but there'd be more ways to send spam if those  
>> methods were still generally available.  The idea that doing away with  
>> open relays and proxies was ineffective, so we may as well not have done  
>> and should go back to deploying open relays and open proxies it is silly.
> 
> Is it?  It's likely true that the amount of span sent through open
> relays today is smaller than the amount of spam send through open
> relays 10 years ago.  If the objective is "less spam via open relays",
> closing down open relays was a raging success.  But that's not the
> objective.  The objective is less spam, and there's certainly not less
> spam today than there was 10 years ago.
> 
> Of course, those who worked to close open relays might argue that there
> would be even more spam today if there were still open relays.  But
> they don't know that and there's no real evidence to support that.

You are incorrect.  There is vast evidence that closing open relays resulted in less spam.

You can do a very simple experiment to satisfy your own curiosity.  Open your SMTP host or HTTP proxy, wait a couple days and see what happens.


> The theory behind closing open relays, blocking port 25, etc., seems to
> be:
> (a) That will make it harder on spammers, and that will reduce spam --
> some of the spammers will find other other ways to inject spam, but
> some will just stop, OR
> (b) Eventually, we'll find technical solutions to *all* the ways spam
> is injected, and then there will be no more spam.

To be clear, even if there were not "vast evidence" blocking port 25 helped lower spam loads (and there_is_), it should still be filtered on residential / dynamic pools.

There is more DDoS today than ever before.  I guess we should all enable directed broadcast again.  Miscreants aren't using smurf attacks (or at least I haven't seen it, therefore it doesn't exist, right?), and there are other tons of other ways to DDoS people.  So we should just open them back up, right?

If that doesn't sound ridiculously stupid to you, then you know nothing of DDoS fighting either.  And if it does sound stupid to you, .. well, I think you get the point.


> There's little evidence for either.

You are wrong.

If you do not actually know something (and "I haven't heard of it" or "my friends don't like it" or "I don't see how ..." does not equal "I -know-"), then please refrain from making factual sounding statements.  [Yeah, yeah, this is NANOG.  Chances of that happening are nil.  But at least the people who are willing to make such statements are self-identifying for easy future reference.]

-- 
TTFN,
patrick




More information about the NANOG mailing list