Re: Killing a fly with a jackhammer

Author	All Replies
Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA	reply to sonofjay Re: Killing a fly with a jackhammer said by sonofjay : Killing a fly with a jackhammer Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly" -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
	to forum · permalink · · 2004-06-09 11:41:04 ·
sonofjay Mission Accomplished - Bush May 1, 2003 Premium,MVM join:2001-05-14 North Attleboro, MA ·Vonage ·Earthlink Cable Mo.. 1 edit	said by Steve : Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly" True, but this is simply treating the symptom and not the problem itself. And how long will it really be before a virus is written to use a different port? What will they do then block all ports? -- The war is over??
	to forum · permalink · · 2004-06-09 11:44:52 ·
Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA	said by sonofjay : And how long will it really be before a virus is written to use a different port? They won't: as long as 25/tcp is the only port that recipient mailservers listen on, blocking that outbound port stops the spam once and for all. I don't care of Comcast customers are infected, I just care that the spam stops. Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
	to forum · permalink · · 2004-06-09 11:51:08 ·
Link Logger Premium,MVM join:2001-03-29 Calgary, AB ·Shaw	reply to sonofjay While this will help as there are lots of open email servers out there, it will not stop spam, as sonofjay is correct that other ports are used to bounce spam (559 and 65506 are two very common virus installed proxies and I would bet filtering those two ports would have more of an effect then filtering port 25). The only solution is to go after the infected systems and spam servers spewing out this junk, but right now I'm happy to see someone trying something to help. Blake -- Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
	to forum · permalink · · 2004-06-09 12:00:15 ·
Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA	Huh? Blocking inbound 25/tcp to Comcast subscribers would have the effect you suggest - use a different proxy port - but I believe we're talking about blocking outbound 25/tcp. This will stop all email coming from these infected machines. Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
	to forum · permalink · · 2004-06-09 12:05:32 ·
nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA ·Cox HSI ·Speakeasy	reply to sonofjay said by sonofjay : said by Steve : Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly" True, but this is simply treating the symptom and not the problem itself. And who long will it really be before a virus is written to use a different port? What will they do then block all ports? That's a REALLY naive argument. You assume two things: that all SMTP service providers will provide alternate port service on the same alternate port and that there's no authentication required on that alternate port. Unless every ISP sets up to listen on the same port, how is the virus going to know what port to connect to? Port-scan every MX host? That will just end up auto-blacklisting the scanning host - defeating the purpose of the virus. Granted, there is an RFC stipulated alternate port, the MSA port, 587, that viruses could try to go against, but doing so is problematic, as well. Mail services that bother to set up SMTP on alternate ports typically require authentication to pass traffic. Without authentication credentials, those viruses that are written to use alternate ports aren't really going to go anywhere. -tom -- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron"
	to forum · permalink · · 2004-06-09 12:10:20 ·
nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA ·Cox HSI ·Speakeasy	reply to Link Logger said by Link Logger : While this will help as there are lots of open email servers out there, it will not stop spam, as sonofjay is correct that other ports are used to bounce spam (559 and 65506 are two very common virus installed proxies and I would bet filtering those two ports would have more of an effect then filtering port 25). The only solution is to go after the infected systems and spam servers spewing out this junk, but right now I'm happy to see someone trying something to help. Your argument makes no sense. It doesn't matter where a proxy listens. If it's trying to reach an SMTP system outside of a blocked network, then blocking port 25 outbound is STILL going to destroy the effectiveness of that proxy. -tom -- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron"
	to forum · permalink · · 2004-06-09 12:15:03 ·
alien9999999 Your Head Looks Nice Premium join:2002-05-21 B-3000	reply to Steve it's more "killing billions of flys with a bunch of jackhammers" furthermore, even if every ISP blocks the port, it won't mean spam would be ended, but it would mean that every spam would be perfectly traceable and sueable (hopefully) and that spammers would have no place to run anymore... ...effectively ending 90% of all spam. -- Alien is my name and headbiting is my game.
	to forum · permalink · · 2004-06-09 12:31:22 ·
pvera join:2001-12-01 Reston, VA	reply to Steve More like a swarm of Cicadas!
	to forum · permalink · · 2004-06-09 13:53:03 ·


Saturday, 28-Nov 01:09:56	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF