On Apr 4, 2005 10:40 AM, Sean Donelan <[EMAIL PROTECTED]> wrote:
> Why does anyone accept SMTP connections from known "dynamically assigned"
> addresses? DUL, QIL, etc should drop all those connections on the floor.

Consider, if you will, the UNKNOWN dynamic IP ranges. Neither DUL, nor SORBS DUHL, nor the several other lesser known variants can claim to do even a fraction of a perfect job - and providers who do stuff like happily mix static IP and dynamic IP netblocks, maintain vague or inconstant rDNS or even no rDNS at all for these, etc. don't help at all, leading to the usual funny situation of someone's static IP DSL getting blocked as dynamic [but that's another story altogether].

And even with port 25 filtering, if it is one way only, people can use so-called triangular routing to spoof IP packets, using botnet controlled hosts on dialups, and a master control center with a fat pipe + spamware, and a bank of POTS lines. Port 25 both ways, and then uRPF to stop source address spoofing ..

> Does port 25 blocking actually make a difference? Any public data from
> before and after? Or does it just annoy people, cause problems and not
> fix anything?

The last time this thread came up on NANOG (I think you were the one to ask this question then as well) I do believe people came up to say "yes, it does make a difference".

That said, Joe St. Sauver put it fairly well in his presentation at MAAWG San Diego, when he said it is cough syrup for lung cancer, and what you need along with the cough syrup of port 25 filtering is some stronger measures to locate and take down botted hosts, which of course can be used for nastier things (DDoS botnets for example) as well, things that do just fine without port 25.

-srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
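The "port 25 both ways, then uRPF" policy the post argues for, as an added toy model (not code from the thread or from any of the people in it): the dynamic pool prefix, the provider MTA address, the interface names and the sample flows are all constructed for illustration.

```python
# Added example: a toy border policy for a dynamic-IP pool, combining TCP/25
# filtering in BOTH directions with strict uRPF on the pool's ingress interface.
from ipaddress import ip_address, ip_network

# Constructed topology (assumptions, not from the post).
DYNAMIC_POOL = ip_network("192.0.2.0/24")      # dial-up/DSL pool behind "dyn0"
PROVIDER_MTA = ip_address("198.51.100.25")     # the only SMTP host pool users may reach
SMTP = 25

def ingress_policy(iface, src, dst, dport):
    """Decide on a packet arriving from the pool (iface 'dyn0') or from the
    rest of the network (iface 'core'). Returns (verdict, reason)."""
    src, dst = ip_address(src), ip_address(dst)
    if iface == "dyn0":
        # Strict uRPF: a packet entering from the pool must carry a pool source;
        # anything else is spoofed (the one-way-filter bypass the post describes).
        if src not in DYNAMIC_POOL:
            return ("DROP", "uRPF: source not in dynamic pool")
        # Outbound port 25 only to the provider's own MTA.
        if dport == SMTP and dst != PROVIDER_MTA:
            return ("DROP", "tcp/25 egress from dynamic pool")
        return ("PERMIT", "")
    if iface == "core":
        # Our own pool addresses must never arrive from the outside.
        if src in DYNAMIC_POOL:
            return ("DROP", "uRPF: pool source arriving from core")
        # Inbound port 25: dynamic hosts are not MTAs.
        if dport == SMTP and dst in DYNAMIC_POOL:
            return ("DROP", "tcp/25 ingress to dynamic pool")
        return ("PERMIT", "")
    return ("DROP", "unknown interface")

# Constructed sample flows: (iface, src, dst, dport).
SAMPLE_FLOWS = [
    ("dyn0", "192.0.2.10", "198.51.100.25", 25),   # user submitting via provider MTA
    ("dyn0", "192.0.2.10", "203.0.113.7", 25),     # pool host talking to a remote MX directly
    ("dyn0", "203.0.113.99", "203.0.113.7", 25),   # spoofed source entering from the pool
    ("core", "203.0.113.7", "192.0.2.10", 25),     # outside host reaching a pool address on 25
    ("core", "192.0.2.10", "192.0.2.11", 80),      # our own pool address arriving from outside
    ("dyn0", "192.0.2.10", "203.0.113.7", 443),    # ordinary web traffic, untouched
]

def evaluate(flows=SAMPLE_FLOWS):
    return [ingress_policy(*f)[0] for f in flows]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, evaluate()):
        print(verdict, flow, ingress_policy(*flow)[1])
```

Only the first and last flows are permitted; the spoofed-source flow is caught by the uRPF check before the port 25 rule is ever consulted.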