[Dshield] DShield's Public Goals
ed.truitt at etee2k.net
Thu Jan 5 17:09:08 GMT 2006
I can agree with port blocking at the frontier (where the ISP connects to the
Internet backbones) for those ports running services that are not designed to
be Internet-wide (a good example is Windows Networking -- can you imagine a
WINS server for the whole Internet?!?)
HOWEVER -- as a matter of policy, blocking ports is simply a bad idea. Others
have noted that it would be a simple matter to switch SMTP traffic to another
port (tunnel it though port 80, anyone?), or even to another service
to mind), which means the original functionality for the user is hosed,
bad guy still gets his stuff through. Reminds me of TSA confiscating nail
files, but allowing someone with an AK-47 through.
OTOH, if the service agreement with the user specifies that certain services
(SMTP, outgoing WWW) will be handled by the provider's central systems,
a contractual matter between provider and customer. I simply want the
decline such conditions, and patronize a provider who doesn't impose such
Quoting David Cary Hart <DShield at TQMcube.com>:
> Years ago, Johannes advocated ISP port blocking as a way to significantly
> reduce the spread of Internet viruses. He was right then; He is MORE
> right now.
> Hypothetically, much - if not most - of the malicious content that spreads
> around is designed to install SMTP on the host in order to relay spam and
> replication attachments. Judging from some of the patterns that I
> see, it seems
> that individuals are building networks of hundreds of machines that they
> control through IRC.
> FWIW, it just seems to me that, at every opportunity, DShield and ISC
> should be
> spreading the gospel of port blocking.
More information about the list