nanog mailing list archives
Re: Providers removing blocks on port 135?
From: Justin Shore <listuser () numbnuts net>
Date: Sat, 20 Sep 2003 20:32:55 -0500 (CDT)
On Sat, 20 Sep 2003, Margie wrote:
Very little spam coming off dialups and other dynamically assigned, "residential" type connections has anything to do with open relays. The vast majority of it is related to open proxies (which the machine owners do not realize they are running) and machines that have been compromised by various viruses and exploits. These are machines that should not be running outbound mailservers, and in most cases, the owners neither intend nor believe that their systems are sending mail. Merely stating that people shouldn't run open relays didn't stop spam four years ago and it is less likely to do so now.
This veers off the original topic. Of course I don't think any of us recall what that was anyways... I remember back when I first started using the DUL. Of all the DNSBLs I used at the time it blocked the most spam of any of them. I mean that by long shot. About the time the DUL and other MAPS lists went commericial is about the same time I noticed fewer and fewer hits on the DUL. We still pay for an AXFR (IXFR) of it but it doesn't block nearly as much as it used to. The open proxy lists block an unbelievable amount of spam. In theory the DUL would take care of this if it also list residential dynamically assigned cable/dsl lines (if it doesn't already, hmmm...). Still the open proxy DNSBLs seem to be more effective now. Bottom line, use every DNSBL you possibly can and don't be afraid to pay for them. I strongly recommend redirecting SMTP traffic for this same class of user as well. Now I'm going to get even more off-topic. It occurs to me that major changes to a protocol such as SMTP getting auth should justify utilizing a different tcp/ip port. Think about it like this. If authenticated forms of SMTP used a different TCP/IP port we netadms could justify leaving that port open on these same dynamically assigned netblocks in the theory that they are only able to connect to other authenticated SMTP services. Doesn't that seem logical? Justin
Current thread:
- Re: Providers removing blocks on port 135?, (continued)
- Re: Providers removing blocks on port 135? Niels Bakker (Sep 20)
- Re: Providers removing blocks on port 135? Richard Cox (Sep 20)
- Re: Providers removing blocks on port 135? Margie (Sep 20)
- Re: Providers removing blocks on port 135? Andy Walden (Sep 20)
- Re: Providers removing blocks on port 135? Margie (Sep 20)
- Re: Providers removing blocks on port 135? Jack Bates (Sep 22)
- Re: Providers removing blocks on port 135? Sean Donelan (Sep 20)
- Re: Providers removing blocks on port 135? Justin Shore (Sep 20)
- Any actual data to back up blocking Netbios ports? Sean Donelan (Sep 20)
- Re: Providers removing blocks on port 135? John Kristoff (Sep 21)
- Re: Providers removing blocks on port 135? Justin Shore (Sep 20)
- Re: Providers removing blocks on port 135? jlewis (Sep 20)
- Message not available
- Re: Providers removing blocks on port 135? Mike Tancsa (Sep 21)
- Re: Providers removing blocks on port 135? Justin Shore (Sep 21)
- Message not available
- Re: Providers removing blocks on port 135? Mike Tancsa (Sep 23)
- Re: Providers removing blocks on port 135? Jack Bates (Sep 23)
- Re: Providers removing blocks on port 135? Mike Tancsa (Sep 23)
- Re: Providers removing blocks on port 135? Jack Bates (Sep 23)
- Re: Providers removing blocks on port 135? Mike Tancsa (Sep 23)
- Re: Providers removing blocks on port 135? Justin Shore (Sep 23)
- Re: Providers removing blocks on port 135? Owen DeLong (Sep 21)