North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Time to check the rate limits on your mail servers
On Thu, 03 Feb 2005 17:54:28 +0200, Gadi Evron <[email protected]> wrote: > Still, please tell me, how is not blocking un-used or un-necessary ports > a bad thing? It is a defensive measure much like you'd add barricades > before an attack. Agreed. And depending on your service, there are different ports worth blocking. For residential users, I can't see a reason to not block something like Netbios. And blocking port 25 effectively prevents zombies from spamming. Unfortunately, it also blocks legitimate users from being able to use SMTP AUTH on a remote server.. > They now evolved, and are using user-credentials and ISP-servers. This > evolution means that their capabilities are severely decreased, at least > potentially. Has this been confirmed? Does this new worm, in fact, use SMTP AUTH where necessary? Will it also check the port that the user's computer is set to send mail on? So, for instance, if SMTP AUTH is required, and the mail submission port is being used rather than standard port 25, will the worm detect all this? The nice part about SMTP AUTH, though, is that there is at least a direct link to the user sending the spam. This means, of course, that ISP's will need to police their users a little better.. :) > It means ISP's will have to re-think their strategies, just like AOL > did. It also means it's once small step to victory for us. We are a long > way from it, and please - not everybody blocks port 25 so current-day > worms are more than efficient still. So I guess users will have to stop clicking that "Save Password" button... That is, until the worm records the keystrokes when the password is entered... *sigh* > Gadi. > -- Jason 'XenoPhage' Frisvold [email protected]
|