
RE: [Asrg] article: port 25 blocking

2005-04-14 18:54:01
> 2. A non-standard port that is 100% open just like regular SMTP is bound
>    to soon be known and start to be abused. It has to be some type of
>    restricted profile smtp with authentication (which is what submit is,
>    so why reinvent it...).
>
> Right--there's no point in blocking port 25 if you just open up another
> port to plain unauthenticated SMTP....

Don't get me wrong, this was just a crazy off-the-top-of-my-head idea and I
can certainly believe I'm wrong, but this reasoning doesn't persuade me.
There's no reason to believe that there would be a few common ports. 

Let's say I want to let my team of users access the mail server from their
ISP accounts. I set up SMTP on (pull number out of ass) TCP 48207. I have to
set this up on all their clients (and open it up on any firewalls between
us), so for practical purposes it can't be too many of them. 

Assuming the ISP hasn't blocked that port as well (ISPs don't generally
block arbitrary ports) it should solve the problem of getting through the
port 25 block. *Conventional* worms on the system will still fail because
they will be trying to use port 25. A new worm could be written to monitor
all communications looking for SMTP on non-standard ports, but this is a lot
of work when there is still low-hanging fruit out there.

So how is this not going to solve anything? I agree I'd much rather have
users run port 587 and authenticate, but if it's just your sense of
networking aesthetics that's offended by this scheme then that's worth
saying.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer(_at_)ziffdavis(_dot_)com 
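
The distinction the thread keeps circling (a "100% open" SMTP listener on
an odd port versus a submission-style listener that refuses MAIL FROM until
the session has authenticated) can be checked from the client side. The
following is an added example, not code from the list or from any product
mentioned here; it runs an in-process toy server on a random loopback port
(a stand-in for the "TCP 48207" idea) and a small audit client that connects,
sends EHLO, and attempts MAIL FROM without authenticating. The hostnames and
addresses are constructed, and the toy server does not implement the AUTH
exchange itself; it only models the two policies being compared.

```python
import socket
import threading


def _read_reply(f):
    """Read one SMTP reply (single or multi-line); return (code, lines)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("peer closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        # "250-..." continues a multi-line reply; "250 ..." ends it
        if len(line) < 4 or line[3] != "-":
            break
    return int(lines[-1][:3]), lines


def assess(ehlo_lines, mail_from_code):
    """Pure decision logic: did the server advertise AUTH, and did it let an
    unauthenticated session start a mail transaction?"""
    auth_advertised = any(l[4:].upper().startswith("AUTH") for l in ehlo_lines[1:])
    return {
        "auth_advertised": auth_advertised,
        # 250 here means anyone who can reach the port can inject mail
        "unauthenticated_mail_from_accepted": mail_from_code == 250,
    }


def probe(host, port, timeout=5.0):
    """Connect, EHLO, then attempt MAIL FROM without authenticating."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        code, _ = _read_reply(f)
        if code != 220:
            return {"auth_advertised": False, "unauthenticated_mail_from_accepted": False}
        s.sendall(b"EHLO audit.example\r\n")  # constructed client hostname
        _, ehlo_lines = _read_reply(f)
        s.sendall(b"MAIL FROM:<audit@example.invalid>\r\n")  # constructed sender
        mail_code, _ = _read_reply(f)
        s.sendall(b"QUIT\r\n")
        try:
            _read_reply(f)
        except ConnectionError:
            pass
        return assess(ehlo_lines, mail_code)


def start_toy_server(require_auth):
    """Constructed stand-in for a mail server on an arbitrary high port.
    With require_auth=True it behaves like a submission server: MAIL FROM is
    refused with 530 5.7.0 until the session authenticates (RFC 4954)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free high port
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        srv.close()
        with conn, conn.makefile("rb") as f:
            try:
                conn.sendall(b"220 toy.example ESMTP\r\n")
                authenticated = False  # the toy never completes AUTH
                while True:
                    raw = f.readline()
                    if not raw:
                        break
                    cmd = raw.decode("ascii", "replace").strip().upper()
                    if cmd.startswith("EHLO"):
                        ext = b"250-AUTH PLAIN LOGIN\r\n" if require_auth else b""
                        conn.sendall(b"250-toy.example\r\n" + ext + b"250 8BITMIME\r\n")
                    elif cmd.startswith("MAIL FROM"):
                        if require_auth and not authenticated:
                            conn.sendall(b"530 5.7.0 Authentication required\r\n")
                        else:
                            conn.sendall(b"250 2.1.0 OK\r\n")
                    elif cmd.startswith("QUIT"):
                        conn.sendall(b"221 2.0.0 Bye\r\n")
                        break
                    else:
                        conn.sendall(b"500 5.5.1 Command unrecognized\r\n")
            except OSError:
                pass  # client went away; nothing to clean up beyond the with

    threading.Thread(target=handle, daemon=True).start()
    return port


def demo():
    """Audit one open-on-an-odd-port listener and one submission-style listener."""
    results = {}
    for label, need_auth in (("open-on-odd-port", False), ("submission-style", True)):
        port = start_toy_server(require_auth=need_auth)
        results[label] = probe("127.0.0.1", port)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Pointing probe() at a real host and port of your own shows in one round trip
which of the two things you actually deployed: a listener that advertises
AUTH and answers MAIL FROM with 530 is the restricted profile the quoted
message asks for; one that answers 250 is plain SMTP that merely moved.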



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg