nanog mailing list archives

RE: Stealth Blocking
From: "Mike Batchelor" <mikebat () tmcs net>
Date: Fri, 25 May 2001 16:04:20 -0700

Returning to operational traffic:

One thing that I think *will* help, particularly in the short term, is
port 25 blocking of dialup ports.  It's my personal opinion that this
will have the greatest impact on spammers who abuse open relays.  I've
watched this happen over the last few months, as various large networks
have secured their dialup ports.  It's impressive.

TCP rate-limiting on outbound traffic to *:25 would also be extremely
effective, particularly on unclassified customer traffic, and without the
heavy-handed nature of denying all dial-up traffic. Rate-limiting doesn't
interfere with low-volume legitimate mail, but it really cramps spam.

I'm partial to intercepting, rather than blocking, port 25 outbound traffic
from dialups and redirecting it to a mail relay.  This way, you can easily
see which of your users are sending spam, because you force it all to go
through your own mail relay, even when the dialup user tried to connect
directly to MX hosts.  Roaming users would not need to change their MUA
configuration to use a different outgoing relay.  It also gives you the
opportunity to expunge the queue of spam as soon as it is noticed, sparing
other admins the pain of dealing with it, and saving yourself some
embarrassment and pain dealing with the complaints.

Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
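
An added example, not part of the original message: once dialup port 25 traffic is forced through your own relay, the relay log shows which clients are sending in bulk and which queued messages belong to them. The script assumes a Postfix relay logging its usual smtpd `client=` lines; the log sample, addresses, and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd line recording one accepted message: "<queue-id>: client=<host>[<ip>]"
CLIENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=\S*\[(?P<ip>[\d.]+)\]"
)

def flag_bulk_senders(lines, limit=5, window=timedelta(minutes=1), year=2001):
    """Return {client_ip: [queue ids]} for clients that submitted more than
    `limit` messages within any `window`. Thresholds are illustrative."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    queued = defaultdict(list)    # ip -> every queue id seen from that ip
    flagged = set()
    for line in lines:
        m = CLIENT_RE.match(line)
        if not m:
            continue              # disconnects, cleanup lines, other daemons
        # syslog timestamps carry no year, so one is assumed via `year`
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        queued[ip].append(m["qid"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return {ip: queued[ip] for ip in sorted(flagged)}

def sample_log():
    """Constructed log: one dialup client sends 1 message, another sends 8 in 14 s."""
    host = "relay1"
    lines = [f"May 25 16:00:05 {host} postfix/smtpd[811]: A1B2C3D4E5: "
             "client=ppp-12.dialup.example.net[192.0.2.12]"]
    for i in range(8):
        lines.append(f"May 25 16:01:{2 * i:02d} {host} postfix/smtpd[812]: "
                     f"B{i:09X}: client=ppp-40.dialup.example.net[192.0.2.40]")
    lines.append(f"May 25 16:01:30 {host} postfix/smtpd[812]: disconnect from "
                 "ppp-40.dialup.example.net[192.0.2.40]")
    return lines

if __name__ == "__main__":
    for ip, qids in flag_bulk_senders(sample_log()).items():
        print(ip, len(qids), "queued messages:", " ".join(qids))
```

The returned queue ids are the messages to review and, if they are spam, expunge from the relay queue before delivery.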
