[Dshield] DShield's Public Goals

David Cary Hart DShield at TQMcube.com
Thu Jan 5 17:52:29 GMT 2006


On Thu, 05 Jan 2006 11:09:08 -0600
ed.truitt at etee2k.net opined:
> I can agree with port blocking at the frontier (where the ISP connects to the
> Internet backbones) for those ports running services that are not designed to
> be Internet-wide (a good example is Windows Networking -- can you imagine a
> WINS server for the whole Internet?!?)
> 
> HOWEVER -- as a matter of policy, blocking ports is simply a bad idea.  Others
> have noted that it would be a simple matter to switch SMTP traffic to another
> port (tunnel it though port 80, anyone?), or even to another service 
> (IRC comes
> to mind), which means the original functionality for the user is hosed, 
> but the
> bad guy still gets his stuff through.  Reminds me of TSA confiscating nail
> files, but allowing someone with an AK-47 through.
> 
I'm not so sure. Changing the port only works for people trying to workaround
blocked ports so that they can run a server, right? If 25 is blocked outbound
(except to their ISP's SMTP), how would the nitwits get the spam out?
Ultimately, a sender has to be able to connect to 25. What am I missing?

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
   FSS v. AHBL SLAPP Suit: http://www.TQMcube.com/ahbl.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php


More information about the list mailing list