North American Network Operators Group
Re: Providers removing blocks on port 135?
My guess is that you haven't heard of the current issue with various servers running SMTP AUTH. These MTAs are secure by normal mechanisms, but are being made to relay spam anyway.
You're right. It's been a while since I was last on the front lines of this issue.
It's hard enough to get mailservers secured when they are maintained by real sysadmins on static IPs with proper and informative PTR records. When the IP addresses sourcing the spam are moving targets, with "generic" PTR records, and the machines are being operated by end users with no knowledge that their computer is even capable of sending direct to MX mail, the situation is impossible to solve without ISP intervention via Port filtering, etc.
So, what you're saying is that a large number of easily compromised hosts are the Root Cause. While blocking port 25 traffic from these systems is a convenient patch, it's not a solution to the root cause. The solution is to make the hosts less vulnerable. One step towards doing that will be to put real product liability on the vendor of the software and the corporations running fleets of compromised systems. Right now, Windows owns the world and the hackers own Windows. The only corporate wake-up call that seems to get understood is one that comes from the legal department.
If the person running the system in question chooses to do so, yes, they should be able to do so.
If the person running the system in question wants to run server class services, such as ftp, smtp, etc, then they need to get a compatible connection to the internet. There are residential service providers that allow static IP addressing, will provide rDNS, and allow all the servers you care to run. They generally cost more than dial-ups or typical dynamic residential broadband connections. As a rule, you tend to get what you pay for.
There are lots of different scenarios available. The bottom line is still that, while an effective workaround, blocking internet ports is not a solution to the root cause of the problem. When we decide that workarounds are solutions, we only invite an arms race of escalating denial of services.
My concern is that we seem to have reached a place where we take for granted
the immutable vulnerability of systems and, therefore, don't seek to solve
the problem, but, instead decide to move from one workaround to the next.
I agree the workarounds are necessary for now, but, that doesn't mean we
should accept them as permanent solutions. We should work to solve the
root cause of the problem as well.
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Margie Arbon Mail Abuse Prevention System, LLC email@example.com http://mail-abuse.org