FTC Recommends ISPs Disconnect Spam Zombies
Mike Markley writes "CNN is carrying a story about the FTC's plans and concerns around spam zombies. They say they will be identifying such zombie hosts and notifying ISPs, and are recommending that the ISPs disconnect indicated users. There's also a recommendation likely to raise the ire of the geekier sorts: that ISPs only permit users to send mail through their own servers (presumably by blocking port 25 outbound)." From the article: "Law enforcers in 25 other countries, from Bulgaria to Peru, are also participating in the campaign, the FTC said. Absent from the list of cooperating countries was China, where experts say rapid growth and a relative lack of technical sophistication have led to a large number of zombie computers."
Having worked for a university tech department that did this, I would have to say, I can't think of a better way to open people's eyes to the threat of viruses than to revoke their internet privileges.
"There are more important things than stopping terrorism. Upholding the Constitution is one of them." - Ars Forumer.
That ISPs only permit users to send mail through their own servers (presumably by blocking port 25 outbound)
My ISP doesn't block 25 outgoing but a few spam blacklists have my IP range on their "DSL/Cable/Dialup" listings so I send mail from my internal server through the ISP.
The result? No more "You're on a dynamic IP" bounce messages.
Trolling is a art,
You mean like this list of machines logged on my company's mailserver last night?
Yes, so you make sure you pick a clueful ISP that has MSA (RFC 2476) support, which uses port 587, then you set his mail client to use that, and it works fine both when he's in the office, or at home, regardless of port 25 restrictions wherever he's getting his connectivity from.
Since MSA requires him to *authenticate* (which most clients, even OE and ilk will do happily) when he connects on port 587, and the ISP only accepts *outbound* mail on that port (other ISPs wanting to deliver mail *to* your ISP still use 25) it isn't terribly attractive to spammers.
The article is quite vague. But I really think that Reuters is misunderstanding the details here and creating this inclarity. The FTC is not so stupid as to block port 25.
I immediately went to ftc.gov.
Here is a link to their actual press release:
http://ftc.gov/opa/2005/05/zombies.htm
They have a more detailed website at:
http://www.ftc.gov/bcp/conline/edcams/spam/zombie
This site appears to be geared for the people who actually understand what's going on. The very first bullet point on the site states very clearly:
"block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers."
In other words, under their proposal, we can still send emails so long as we are authenticating to an SMTP server.
We can use our College email, our Google, Yahoo, etc. accounts.
This is how I interpret their idea:
- You want to send email? Connect to an SMTP server and log on.
- Incoming traffic is not interfered with.
- If you send SMTP traffic directly from your computer to someone else's computer, this is blocked.
I'm not sure exactly how one would implement this because one cannot know every "legitimate" mail server. Further, ISPs will not (should not) be scanning all of our SMTP packets to see what kind of traffic is coming from our computers. The easiest solution is something already in place, although it annoys me. I can still send SMTP from my computer (RoadRunner ISP, New York City) but if I send to an AOL user, for example, I get a reply back from AOL explaining that AOL will not accept emails from a Residential IP address. This is irritating, but it's no bother. Simply have all the ISPs say, these IP blocks are for our residential customers --- if you get email from them, it's probably a spam zombie, so you may wish to block such SMTP traffic if it becomes a bother.
I'm not proposing anything, just trying to piece together what the FTC is actually saying. Trust me, they're not so clueless; it's usually the papers, especially in these generic wire reports, that mess up the details.
The FTC is most certainly _not_ recommending that all port 25 traffic is blocked; they are not limiting anyone to their ISP's mail servers. How would the FTC people log in to their own FTC email from their homes? They'd have the same issues we'd have.
Anyway, since I *never* use my ISP mail server (mostly because Google is faster, has more storage, and is easier to access when I don't feel like carrying my laptop around; and because for professional stuff I tell people to contact me @honorscollege.cuny.edu (even though I SMTP back through Google)).
Though less technical, I'm sure, most professional people require such a setup. Think things through. I see so many posts regarding outright and absolute SMTP / Port 25 blocking. That's too ridiculous to believe. Indeed, it's not even close to what the FTC actually says, as I cite above.
Read their site if you still have your doubts. Let it be said, however, that the government is not as stupid as some would like to believe.
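The egress policy discussed in the thread (residential hosts may reach port 25 only on the ISP's own relay, while authenticated submission on port 587 stays open), applied to flow records as an added example that is not part of the original discussion. The address ranges, relay address, threshold and flow lines are constructed assumptions, and the example goes one step further than the thread by flagging hosts whose blocked attempts fan out to many mail servers.

```python
import ipaddress
from collections import defaultdict

# Constructed assumptions (not from the thread): documentation address ranges,
# one ISP relay, and a fan-out threshold for flagging a likely zombie.
RESIDENTIAL_NET = ipaddress.ip_network("198.51.100.0/24")
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}
ZOMBIE_THRESHOLD = 3  # distinct remote mail servers tried directly on port 25

# Constructed flow records, one per line: "src dst dport"
SAMPLE_FLOWS = """\
198.51.100.10 192.0.2.25 25
198.51.100.10 203.0.113.5 587
198.51.100.66 203.0.113.10 25
198.51.100.66 203.0.113.11 25
198.51.100.66 203.0.113.12 25
198.51.100.66 203.0.113.13 25
198.51.100.80 203.0.113.10 25
198.51.100.80 203.0.113.50 443
"""

def decide(src, dst, dport):
    """Return 'allow' or 'block' for one outbound flow."""
    if src not in RESIDENTIAL_NET or dport != 25:
        return "allow"  # includes port 587, where the server demands a login
    return "allow" if dst in ISP_RELAYS else "block"

def analyse(flow_text):
    """Return (per-flow verdicts, sorted list of suspected zombie sources)."""
    verdicts = []
    direct_smtp = defaultdict(set)  # source -> remote servers it tried on 25
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        s, d, p = line.split()
        verdict = decide(ipaddress.ip_address(s), ipaddress.ip_address(d), int(p))
        verdicts.append((s, d, int(p), verdict))
        if verdict == "block":
            direct_smtp[s].add(d)
    suspects = sorted(s for s, dsts in direct_smtp.items()
                      if len(dsts) >= ZOMBIE_THRESHOLD)
    return verdicts, suspects

if __name__ == "__main__":
    flows, zombies = analyse(SAMPLE_FLOWS)
    for row in flows:
        print(*row)
    print("suspected zombies:", zombies)
```

A single blocked attempt, like the one from 198.51.100.80, is more likely a misconfigured mail client than a zombie, which is why the flag depends on fan-out rather than on any one blocked flow.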