[Dshield] DShield's Public Goals

josh@theoubliette.net josh at theoubliette.net
Thu Jan 5 22:17:27 GMT 2006


Such a blocking solution wouldn't solve the problem in the case of a
compromised host running it's own mail server (i.e. reducing spam and
spread of viruses)...I would *theoretically* just make a smarter mailbot
virus that uses the ISP's mail service.  Very few ISPs block spam or scan
for viruses.  Some of the larger ones do, but I would again defer to my
previous point regarding ISP v. ASP.   They sometimes will respond to a
report AUP violation, and more often than not won't, especially in the
case of dial up.  Better yet, I engineer my mail bot to tunnel mail out
port 80 to a zombie that I control in east Elbonia that simply forwards
the mail normally, because everyone knows that the Elbonians don't believe
that you can *dictate* such controls to them and simply won't follow
*your* rules because they disagree with your country politically.

...I could go on and on, but I still stand by my point (which is the same
point that others have supported as well), that port filtering will not
work at that level.  If, in a utopian world, everyone did it, it might
work for about five minutes, until the bad guys came up with another
scheme to get around it, or use a compromised host, or a non-RFC compliant
mail server, or insecure php application that allows scripted commands as
non-validated user input...

J-

> ** Reply to message from josh at theoubliette.net on Thu, 5 Jan 2006 11:40:29
> -0800 (PST)
>
> There is nothing stopping you from running your own email server and still
> have
> your ISP block port 25.  I have tested a number of email servers on my
> home
> machine and always have it send all of the output email to my ISPs email
> server
> as a relay to get any email sent and not be blocked by either my ISP,
> blocking
> port 25, or the destination email server because they are blocking DUL
> and/or
> dynamic IPs.



More information about the list mailing list