x404.co.uk
http://x404.co.uk/forum/

Trend Micro recommends blocking port 25 to kill botnets
http://x404.co.uk/forum/viewtopic.php?f=19&t=5612		 Page 1 of 1
Author:  pcernie [ Wed Jan 20, 2010 1:41 pm ]
Post subject:  Trend Micro recommends blocking port 25 to kill botnets
http://www.pcadvisor.co.uk/news/index.c ... d=3210590&

I'll have to have a read at this later, but if there's little hassle to the end user and no/tolerable invasion of privacy (or whatever way you wanna look at it), this should be considered by the sound of it...
Author:  l3v1ck [ Wed Jan 20, 2010 3:46 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
Quote:
Two simple techniques could be used to strangle botnets, a security expert has claimed. First, block email port 25 by default.
Wouldn't that stop Thunderbird, Outlook Express etc from sending emails?
Quote:
Second, tell users when they are spewing spam from compromised PCs.
+1

EDIT

Quote:
Port 25 is useful if you happen to be connecting to a remote email server, but would not apply to the vast majority of an ISP's own users who connect to mail servers on internal ports, and would not be affected by such blocking.
Never mind.
Author:  Coref [ Wed Jan 20, 2010 9:36 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
My company has a white list of hosts that can send email and Mcafee is configured to block any attempts to send email. Both are pretty sensible things to do. Only problem is when they turn the blocking on by mistake on the server that sends texts via an email gateway. :roll:
Author:  jonbwfc [ Wed Jan 20, 2010 9:57 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
l3v1ck wrote:
Quote:
Two simple techniques could be used to strangle botnets, a security expert has claimed. First, block email port 25 by default.
Wouldn't that stop Thunderbird, Outlook Express etc from sending emails?

Quite some time ago the mail routing RFC's were changed such that only MTA's (servers, basically) should be talking to each other on port 25. MSAs (like email clients) should be using port 587. Or I think 465 - one of those may be unencrypted and one encrypted.

Of course they won't stop botnets, because a lot of bots are smart enough to know this and try both ports. But hey, nobody said they knew what they were doing *shrug*. If you really want to stop spam, you actually have to take more extreme measures - only allow submission from authenticated hosts and only pass properly digitally signed email would be a start.

Jon
Author:  JJW009 [ Wed Jan 20, 2010 10:45 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
jonbwfc wrote:
only allow submission from authenticated hosts and only pass properly digitally signed email would be a start.

Authenticated hosts, yes. Signed? Not so sure about that.

The most annoying thing right now is that so many MX and SPF records are incorrect. And I mean people like banks and other well known businesses. FFS, it's just a few lines of text - get it right!

At the moment, no one should ever use a spam filter because you simply can't trust them not to eat a financially time-critical email from some big important organisation with incorrectly set up public records.

It makes me very angry. This problem should have gone away in 2006.

Grrr.

http://tools.ietf.org/html/rfc4408
Author:  jonbwfc [ Thu Jan 21, 2010 1:15 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
JJW009 wrote:
jonbwfc wrote:
only allow submission from authenticated hosts and only pass properly digitally signed email would be a start.

Authenticated hosts, yes. Signed? Not so sure about that.

It's the only way you're going to stop it entirely. Phising mails etc rely on being able to spoof identity. Until you can effectively rely on email being sent by the people who have claimed to send it, you're stuffed. Plus it would stop delivery failure back-scatter.

Jon
Author:  paulzolo [ Thu Jan 21, 2010 2:59 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
JJW009 wrote:
jonbwfc wrote:
At the moment, no one should ever use a spam filter because you simply can't trust them not to eat a financially time-critical email from some big important organisation with incorrectly set up public records.


So you are advocating manually sifting through thousands of crap emails every day to find the few that are actually meaningful?
Author:  jonbwfc [ Thu Jan 21, 2010 5:07 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
paulzolo wrote:
JJW009 wrote:
jonbwfc wrote:
At the moment, no one should ever use a spam filter because you simply can't trust them not to eat a financially time-critical email from some big important organisation with incorrectly set up public records.


So you are advocating manually sifting through thousands of crap emails every day to find the few that are actually meaningful?

I dunno, since I didn't say that. Someone's quotings gone astray.

Jon
Author:  JJW009 [ Thu Jan 21, 2010 9:08 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
paulzolo wrote:
So you are advocating manually sifting through thousands of crap emails every day to find the few that are actually meaningful?

It's entirely up to you. If you don't ever expect to receive anything important by email, then I guess it doesn't matter. personally, it really f*cks me off when someone complains about not being informed simply because they didn't check their spam.

I do "spam filter" my snail mail though. I get so much junk through the letterbox I simply don't have time to sort through it, so I chuck it all strait in the recycling bin. After all, no one would ever entrust anything important to the post without sending it signed for. When I tell people "Oh it probably went in the spam", the damned fools look at me like I'm mad :roll:
Author:  rustybucket [ Thu Jan 21, 2010 11:30 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
JJW009 wrote:
After all, no one would ever entrust anything important to the post without sending it signed for. When I tell people "Oh it probably went in the spam", the damned fools look at me like I'm mad :roll:

HMRC do.
Author:  JJW009 [ Fri Jan 22, 2010 12:46 am ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
rustybucket wrote:
HMRC do.

Never heard of them. Whoever they are, the damned fools should get with the 21st century. Seriously, information printed in sticky stuff on mashed up tree delivered by snail mail by a man battling through the snow with a trolley WTF? Totally pointless. Send me text or an email; that way at least there's a chance I might actually receive it :?

Obviously paper is a good fall-back if the lights go out, but I'm really hoping that doesn't happen quite yet.
Author:  jonbwfc [ Fri Jan 22, 2010 9:43 am ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
JJW009 wrote:
rustybucket wrote:
HMRC do.

Never heard of them.

They've probably heard of you :lol: .

Her Majesty's Revenue and Customs - basically the UK tax collectors and border police (among other things).
Author:  JJW009 [ Fri Jan 22, 2010 6:17 pm ]
Post subject:  Re: Trend Micro recommends blocking port 25 to kill botnets
"checks Wiki"

Quote:
The Inland Revenue was, until April 2005, a department of the British Government responsible for the collection of direct taxation, including income tax, national insurance contributions, capital gains tax, inheritance tax, corporation tax, petroleum revenue tax and stamp duty. More recently, the Inland Revenue also administered the Tax Credits schemes [1], whereby monies, such as Working Tax Credit (WTC) and Child Tax Credit (CTC), are paid by the Government into a recipient's bank account or as part of their wages. The Inland Revenue was also responsible for the payment of child benefit.

The Inland Revenue was merged with HM Customs and Excise to form a new department, HM Revenue and Customs, with effect from 18 April 2005. [2] The former Inland Revenue is thus now part of HM Revenue and Customs, but it is still the name by which the tax gathering department of government is commonly known by British people and is often referred to as "the Tax Man".


Oh, right. They probably sent me a letter informing me of the change, but I expect it went in the junk so I didn't get it. They should have emailed me or sent a text if it was important :roll:
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/