[129435] in North American Network Operators' Group


Re: ISP port blocking practice

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon Sep 6 17:55:09 2010

From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <20100906132205.GA21165@panix.com>
Date: Mon, 6 Sep 2010 17:54:49 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sep 6, 2010, at 9:22 AM, Brett Frankenberger wrote:
> On Sun, Sep 05, 2010 at 09:18:54PM -0400, Jon Lewis wrote:
>>
>> Getting rid of the vast majority of open relays and open proxies didn't
>> solve the spam problem, but there'd be more ways to send spam if those
>> methods were still generally available.  The idea that doing away with
>> open relays and proxies was ineffective, so we may as well not have done
>> and should go back to deploying open relays and open proxies is silly.
>
> Is it?  It's likely true that the amount of spam sent through open
> relays today is smaller than the amount of spam sent through open
> relays 10 years ago.  If the objective is "less spam via open relays",
> closing down open relays was a raging success.  But that's not the
> objective.  The objective is less spam, and there's certainly not less
> spam today than there was 10 years ago.
>
> Of course, those who worked to close open relays might argue that there
> would be even more spam today if there were still open relays.  But
> they don't know that and there's no real evidence to support that.

You are incorrect.  There is vast evidence that closing open relays
resulted in less spam.

You can do a very simple experiment to satisfy your own curiosity.  Open
your SMTP host or HTTP proxy, wait a couple days and see what happens.


> The theory behind closing open relays, blocking port 25, etc., seems to
> be:
> (a) That will make it harder on spammers, and that will reduce spam --
> some of the spammers will find other ways to inject spam, but
> some will just stop, OR
> (b) Eventually, we'll find technical solutions to *all* the ways spam
> is injected, and then there will be no more spam.

To be clear, even if there were not "vast evidence" blocking port 25
helped lower spam loads (and there _is_), it should still be filtered on
residential / dynamic pools.

There is more DDoS today than ever before.  I guess we should all enable
directed broadcast again.  Miscreants aren't using smurf attacks (or at
least I haven't seen it, therefore it doesn't exist, right?), and there
are tons of other ways to DDoS people.  So we should just open them back
up, right?

If that doesn't sound ridiculously stupid to you, then you know nothing
of DDoS fighting either.  And if it does sound stupid to you, .. well, I
think you get the point.


> There's little evidence for either.

You are wrong.

If you do not actually know something (and "I haven't heard of it" or
"my friends don't like it" or "I don't see how ..." does not equal "I
-know-"), then please refrain from making factual sounding statements.
[Yeah, yeah, this is NANOG.  Chances of that happening are nil.  But at
least the people who are willing to make such statements are
self-identifying for easy future reference.]

--
TTFN,
patrick


