[Dshield] ISP's not blocking egress 25/tcp

Josh Tolley josh at raintreeinc.com
Fri Jan 23 20:51:48 GMT 2004


It wouldn't do much good to block

jayjwa wrote:
> The trouble is, everyone wants _their_ server clear, but everyone else's
> blocked (on ISP's networks, your example above).

At least an ISP should block outgoing SMTP for home users, wherever 
possible. At my work we have business class service (with which comes 
business class rights, such as sending out SMTP traffic and with which 
*should* come business class responsibility).

> I've seen many cases where a server
> will sit around, up on a higher port, say 5550, and send from there. If
> you can confirm the source of a SPAM, take a look at the computer that
> sent it out. Many times it's a Windows-WinNT machine running a mailserver
> on a high port. I doubt a legit company is mass-sending email from a
> Windows 98 machine from port 5685 =)

It doesn't matter what port this garbage comes *from* - just if it's 
going to port 25, kill it.

-Josh
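
The destination-port rule from the message above, as an added example that is not part of the original post: an egress check that ignores the source port and drops only home-pool traffic bound for 25/tcp. The address pool, the flow-record format and the sample flows are constructed for illustration.

```python
import ipaddress

# Constructed home-subscriber pool (documentation range); an assumption, not from the post.
HOME_POOLS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed flow records in a hypothetical "src_ip:src_port dst_ip:dst_port" format.
SAMPLE_FLOWS = [
    "198.51.100.17:5685 192.0.2.25:25",  # home host, high source port, SMTP out
    "198.51.100.17:5550 192.0.2.80:80",  # same host, web traffic
    "198.51.100.40:1025 192.0.2.25:25",  # second home host, SMTP out
    "203.0.113.9:41000 192.0.2.25:25",   # business-class customer, outside the home pool
    "198.51.100.40:25 192.0.2.99:5550",  # source port 25 alone is not a match
]

def parse_flow(line):
    """Split one record into (src_ip, src_port, dst_ip, dst_port)."""
    src, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return (ipaddress.ip_address(src_ip), int(src_port),
            ipaddress.ip_address(dst_ip), int(dst_port))

def egress_verdict(line):
    """Return 'drop' or 'pass' for one flow leaving the ISP network."""
    src_ip, _src_port, _dst_ip, dst_port = parse_flow(line)
    # The source port is deliberately ignored: only the destination port matters.
    if dst_port == 25 and any(src_ip in net for net in HOME_POOLS):
        return "drop"
    return "pass"

def dropped_by_host(lines):
    """Count dropped SMTP attempts per home host, to show which machines to inspect."""
    counts = {}
    for line in lines:
        if egress_verdict(line) == "drop":
            src = str(parse_flow(line)[0])
            counts[src] = counts.get(src, 0) + 1
    return counts

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(egress_verdict(flow), flow)
    print(dropped_by_host(SAMPLE_FLOWS))
```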



