sonofjay
Mission Accomplished - Bush May 1, 2003
Premium,MVM
join:2001-05-14
North Attleboro, MA | Killing a fly with a jackhammer
Hope it works! |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
1 edit | What isn't mentioned in the BBR article but is mentioned in the Comcast forum and a CNet article, is that Comcast plans on targeting the blocks toward subscribers that are sending out spam, rather than foisting the blocks on everyone. This way it won't affect the majority of subscribers. After all, there are probably more people out there who legitimately use 3rd party SMTP servers, which would be negatively affected by such a block than there are spamming zombies.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to sonofjay
said by sonofjay  :
Killing a fly with a jackhammer
Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly"
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
ctceo
Premium
join:2001-04-26
South Bend, IN
clubs: | Psssh.
At least until they start going out over different ports. OOPS, maybe they should have though of that, ROFLMAO at their ignorance. |
|
sonofjay
Mission Accomplished - Bush May 1, 2003
Premium,MVM
join:2001-05-14
North Attleboro, MA
 ·Vonage
 ·Earthlink Cable Mo..
1 edit | reply to Steve
Re: Killing a fly with a jackhammer
said by Steve :
Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly"
True, but this is simply treating the symptom and not the problem itself. And how long will it really be before a virus is written to use a different port? What will they do then block all ports?
--
The war is over?? |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
| reply to ctceo
Re: Psssh.
Well it's hard to send mail out over other ports unless smtp servers listen on those ports... but what I'm hoping is, since these blocks are targeted toward zombied customers, that they'll notify them and get them to clean their systems, rather than considering the block as a long term solution.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to ctceo
said by ctceo :
ROFLMAO at their ignorance.
Laughing at yourself today?
Considering that the recipient mailservers are only generally listening on port 25/tcp, how might you suggest that spamware circumvent a block on this outbound port?
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| It's about damn time . . .
Whatever implementation Comcast decides to go with, whether it's targeted or blanket blocking, it was way past time to drastically address the horrible spam problem they allowed themselves to get into. I can't help but think that the recent SPEWS & AHBL listings were instrumental in forcing management at Comcast to finally start listening to their engineering department.
Now, along with this, they need to start looking at Spamhaus.org and getting those entries taken care of.
--
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket? |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to sonofjay
Re: Killing a fly with a jackhammer
said by sonofjay :
And how long will it really be before a virus is written to use a different port?
They won't: as long as 25/tcp is the only port that recipient mailservers listen on, blocking that outbound port stops the spam once and for all.
I don't care of Comcast customers are infected, I just care that the spam stops.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
gruggni
Oxygen Gets You High
join:2003-07-28
Corpus Christi, TX
1 edit | port 25
Once port 25 is blocked they will switch to another port.
I can almost sense the possibility for a DoS on returned email. I feel a disturbance in the force.
--
"I'm sick of following my dreams man; I'm just going to ask where they're going and hook up with them later."
- Mitch Hedberg |
|
HiVolt
30
Premium
join:2000-12-28
Toronto, ON
clubs: | reply to Steve
Re: Psssh.
My DSL ISP here in Canada, Bell Sympatico, has been blocking port 25 for several years now. I hate it, I'm stuck using their crap servers, which tend to be very unreliable at times. |
|
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
·Comcast
| Thanks Idiots!
Once again, I would like to thank all the idiot computer users out there who never patch their systems, don't use firewalls, install all the spyware/crapware they can find onto their machines and ruin the Internet for the rest of us responsible computer users who don't do these things. Its too bad your connections can't just drop dead instead.
Jerks.
--
Win another one for the Gipper! Bush/Cheney 2004 |
|
Zshen
join:2002-06-10
West Des Moines, IA
clubs:
1 edit | reply to sonofjay
Re: Killing a fly with a jackhammer
It's about time they do something. It's obvious they don't pay attention to any spam/abuse reports since I'm still getting hammered 6 months later from the same compromised open relay computer.
--
"The most overlooked advantage of owning a computer is that if they foul up there's no law against whacking them around a bit." |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
| reply to pnh102
Re: Thanks Idiots!
I agree, I think Comcast should block ports 0-65535 for zombied subscribers, in other words, cut them off completely until they clean their system. But of course, that would require hiring more customer support staff to answer the calls. Implementing a blanket block on 25 would also overwhelm the support staff since anyone using a third-party server to send mail would be affected. This is why Comcast is planning to *only* block 25 for subscribers who are sending spam. They should also notify them so they can take the necessary action to clean their systems.
Believe me, if they blocked 25 for everyone, I'd be dropping them like a hot potato. Hopefully their plan will work and it won't come to that.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. |
|
DonLibes
Premium,ExMod 2001
join:2003-01-19
| reply to kpatz
Re: Killing a fly with a jackhammer
said by kpatz :
What isn't mentioned in the BBR article but is mentioned in the Comcast forum and a CNet article, is that Comcast plans on targeting the blocks toward subscribers that are sending out spam, rather than foisting the blocks on everyone.
How does Comcast's proposed implementation only target subscribers sending out spam? I need to use my employer's SMTP server (Comcast's SMTP server has too many limits on outbound mail plus it's much lower reliability, has long latency, etc.) So would I still be able to use my employer's SMTP server? How would Comcast differentiate? |
|
Jim_F
Premium
join:2004-01-19
Caldwell, NJ
| reply to pnh102
Re: Thanks Idiots!
said by pnh102 :
Once again, I would like to thank all the idiot computer users out there who...install all the spyware/crapware they can find onto their machines and ruin the Internet for the rest of us responsible computer users who don't
So there are people who willingly install malicious programs on their computers? Why do I tend to doubt that. I know of "responsible" computer users who have wound up with spy/adware on their machines, too. But that's not the point here.
The point is that I have multiple email accounts on my own mail server (remotely hosted) and with my employer. If suddenly I can't access those accounts from home, I will have to dump Comcast since too much important mail comes through those accounts.
On the other hand, so does lots of spam. So hopefully this resolves something.
-jim |
|
MassonJohn
@comcast.net | reply to pnh102
No Shit!
I have about 20 mailboxes coming from my .com into Outlook at the moment. Using Webmail for all of them is going to be a royal pain the ass. Oh well.....What can one do? |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| reply to sonofjay
Re: Killing a fly with a jackhammer
While this will help as there are lots of open email servers out there, it will not stop spam, as sonofjay is correct that other ports are used to bounce spam (559 and 65506 are two very common virus installed proxies and I would bet filtering those two ports would have more of an effect then filtering port 25).
The only solution is to go after the infected systems and spam servers spewing out this junk, but right now I'm happy to see someone trying something to help.
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to gruggni
Re: port 25
said by gruggni :
Once port 25 is blocked they will switch to another port.
Why do people keep saying this: it doesn't work that way.
In order for spamware to send spam, it has to connect to a port that a mailserver is listening on. Considering that the only port in common use is 25/tcp, "trying other ports" will get them nowhere.
Blocking outbound port 25/tcp will completely halt this problem.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
| reply to DonLibes
Re: Killing a fly with a jackhammer
said by DonLibes :
How does Comcast's proposed implementation only target subscribers sending out spam? I need to use my employer's SMTP server (Comcast's SMTP server has too many limits on outbound mail plus it's much lower reliability, has long latency, etc.) So would I still be able to use my employer's SMTP server? How would Comcast differentiate?
I presume they would go by Spamhaus etc. reports and/or abuse complaints, and just block those who are known to have sent large amounts of spam.
Sending legitimate mail to a legitimate 3rd-party server shouldn't get their attention.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. |
|
