[Dshield] DShield's Public Goals

Ed Truitt ed.truitt at etee2k.net
Thu Jan 5 18:24:33 GMT 2006


Route through an open proxy sitting on a network that doesn't block (blocking ports is truly effective only if EVERYONE does it.)

-EdTr.
-----Original Message-----
From: David Cary Hart <DShield at TQMcube.com>
Date: Thu, 5 Jan 2006 12:52:29 
To:list at lists.dshield.org
Subject: Re: [Dshield] DShield's Public Goals

On Thu, 05 Jan 2006 11:09:08 -0600
ed.truitt at etee2k.net opined:
> I can agree with port blocking at the frontier (where the ISP connects to the
> Internet backbones) for those ports running services that are not designed to
> be Internet-wide (a good example is Windows Networking -- can you imagine a
> WINS server for the whole Internet?!?)
> 
> HOWEVER -- as a matter of policy, blocking ports is simply a bad idea.  Others
> have noted that it would be a simple matter to switch SMTP traffic to another
> port (tunnel it though port 80, anyone?), or even to another service 
> (IRC comes
> to mind), which means the original functionality for the user is hosed, 
> but the
> bad guy still gets his stuff through.  Reminds me of TSA confiscating nail
> files, but allowing someone with an AK-47 through.
> 
I'm not so sure. Changing the port only works for people trying to workaround
blocked ports so that they can run a server, right? If 25 is blocked outbound
(except to their ISP's SMTP), how would the nitwits get the spam out?
Ultimately, a sender has to be able to connect to 25. What am I missing?

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
   FSS v. AHBL SLAPP Suit: http://www.TQMcube.com/ahbl.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php
_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless


More information about the list mailing list