[Mimedefang] FTC asks ISPs to crack down on zombie PCs

David F. Skoll dfs at roaringpenguin.com
Wed May 25 23:54:30 EDT 2005


Kenneth Porter wrote:

> Two rules then: Allow FTP SYN's, and block all other SYN's.

You cannot detect "FTP SYNs" because in active-mode FTP, the FTP
client is free to choose an ephemeral port for the reverse connection.

I don't think ISPs should prevent people from running "servers",
because that's far too wide a concept.  I would get most annoyed if my
ISP blocked my OpenVPN traffic, for example, even though there's an
SSH "server" running over the VPN traffic.  (I'm lucky enough to live
in Canada, where you can generally find a decent ISP that gives out
reasonably-priced static addresses and lets clueful users do what they
need.)

ISPs should do the following:

- Block outbound port 25 connections except to their own mail servers.

- Insist on SMTP AUTH for outbound mail.  Perhaps then even block outbound
  port 25 completely and force port 587.

- Monitor traffic from customer equipment to detect the telltale signs of
  virus infection or spamming.

That's all.  Blocking ALL servers is too draconian.

Regards,

David.
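
The port-25 policy and traffic monitoring listed in the message above, sketched as detection logic over per-customer flow records. This is an added example, not part of the original post; the relay range, threshold, record layout and function name are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the post): relay range, threshold and record layout.
ISP_RELAYS = ip_network("192.0.2.0/28")  # the ISP's own mail servers (documentation range)
MAX_DIRECT_PEERS = 3                     # distinct direct port-25 peers tolerated per window

# Constructed flow records for one time window: (customer_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.1", 25),       # mail handed to the ISP relay
    ("10.0.0.5", "198.51.100.7", 443),   # unrelated traffic, ignored
    ("10.0.0.9", "192.0.2.2", 587),      # authenticated submission on port 587
    ("10.0.0.9", "198.51.100.20", 25),   # a single direct delivery
] + [("10.0.0.66", f"203.0.113.{n}", 25) for n in range(1, 41)]  # fan-out to 40 hosts


def classify(flows, relays=ISP_RELAYS, max_direct=MAX_DIRECT_PEERS):
    """Return {customer_ip: (verdict, distinct_direct_port25_peers)}.

    Only port-25 connections that bypass the ISP relays are counted; these
    are the connections an outbound port-25 block would drop. Everything
    else, including servers the customer runs, is left alone.
    """
    direct_peers = defaultdict(set)
    customers = set()
    for src, dst, port in flows:
        customers.add(src)
        if port == 25 and ip_address(dst) not in relays:
            direct_peers[src].add(dst)

    result = {}
    for src in sorted(customers):
        count = len(direct_peers[src])
        if count == 0:
            verdict = "ok"
        elif count <= max_direct:
            verdict = "direct-smtp"          # would be stopped by the port-25 rule
        else:
            verdict = "suspect-spam-source"  # wide fan-out typical of a spamming host
        result[src] = (verdict, count)
    return result


if __name__ == "__main__":
    for customer, (verdict, count) in classify(SAMPLE_FLOWS).items():
        print(f"{customer:12} {verdict:20} direct port-25 peers: {count}")
```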


