[129426] in North American Network Operators' Group
Re: ISP port blocking practice
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun Sep 5 22:45:21 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <AANLkTimV6Vev7y_=VC3qyVpqWL4JWYn379p=-e9ct5ha@mail.gmail.com>
Date: Sun, 5 Sep 2010 19:43:27 -0700
To: Claudio Lapidus <clapidus@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 5, 2010, at 10:36 AM, Claudio Lapidus wrote:
> Hello all,
>=20
> On Fri, Sep 3, 2010 at 11:30 PM, Ricky Beam <jfbeam@gmail.com> wrote:
>>=20
>> If I block port 25 on my network, no spam will originate from it.
>> (probablly) The spammers will move on to a network that doesn't block =
their
>> crap. As long as there are such open networks, spam will be rampant. =
If,
>> overnight, every network filtered port 25, spam would all but =
disappear.
>> But spam would not completely disappear -- it would just be coming =
from
>> known mailservers :-) thus enters outbound scanning and the =
frustrated user
>> complaints from poorly tuned systems...
>>=20
>=20
> That won't be probably the case. Here recently we conducted a rather
> comprehensive analysis on dns activity from subscribers, and we've
> found that in IP ranges that already have outgoing 25 blocked we were
> still getting complaints about originating spam. It turned out that
> the bots also know how to send through webmail, so port 25 blocking
> renders ineffective there.
>=20
> --cl.
Perhaps a new BCP is coming from MAAWG suggesting we now
block outbound port 80.
Owen
