Port Knowledgebase
PORT NUMBERS
Internapper Web Server Example
Ports used by trojans http://www.simovits.com/nyheter9902.html
The port numbers are divided into three ranges:
- Well Known Ports 0 through 1023
- Registered Ports 1024 - 49151
- Dynamic and/or Private Ports 49152 - 65535
List of frequently seen TCP and UDP ports and what they mean. The goal of this port table is to point to further resources for more information.
Blocking Port 25 by Carl Hutzler March 19, 2007
The most effective method of stopping spam is blocking it as close to the origination point as possible. And logging. Why? Well, simply put, once spam is successfully injected into the mail transport infrastructure, it is very difficult for machines to tell the difference between good email (ham) and bad email (spam). Yes, we have great systems in place to try and detect the differences and filter the bad ones out, but none are perfect and false positives are always the by-product.
A quick history of Spammer Evolution (similar to the cockroach):
basically a Windows PC infected with a virus that allows the machine to act as a proxy which is in the control of the spammer. Spammers now send the spam through one of these compromised machines
(typically a Windoze PC on an always-on broadband connection) which masks their true network identity.
transmit unauthenticated email data on port 25. In an improved world,
Port 25 should only be used for sending unauthenticated email data
from mail server to mail server (Mail Transmission Agents - MTAs).
Mail Clients (MSAs) should always authenticate before being allowed
to submit (originate) mail. Even if the client is on the server's
"trusted internal network", it should be a requirement for the client
to always authenticate before sending mail. Period. Clients always
authenticate to read mail, why do we allow anonymous submission of mail?
http://mipassoc.org/spamops/draft-hutzler-spamops-05.txt
I know blocking port25 from end-user machines works well and without
major side-effects. I did it for a large ISP and saw the sustainable
results. We then did it on behalf of most of the other ISPs in the
world...we did it on our side even if the other ISPs were unable or
not competent enough to do it themselves. And the result was nothing
less than spectacular and sustainable.
******
What are the downsides to blocking Port25?
1. People on consumer broadband networks trying to run mail servers
on their DHCP addresses
2. People who have web hosting (or similar) accounts that need to
submit mail "off network" and their hosting company does not provide
an alternative port (e.g. 587)
3. People who are using POP3 before SMTP as their authentication
method (John, who created that anyway ;-)
All of the downsides are solvable:
1. ISPs can whitelist their members who run mail servers to allow
port25 outbound from those hosts. Remember, this is <<1% of the
population.
2. Web hosting companies can start listening for authenticated email
traffic on alternative ports, like 587
3. Anyone using POP3 before SMTP should be migrating to SMTP AUTH
standards. Period.
******
I am an engineer. And while system designs always strive for the
perfect, we never let the good enough get in the way of fielding a
workable solution. So if I could reduce spam by 80% and not have any
impact on 99%++ of the population of internet users, I would do it.
And for the <<1% of the people who do run mail servers on their
broadband connection, let's whitelist them and let them have port25
access. Have a sign-up page for the user and let them say "I need
port 25 access, please open it for me". Done.
I think everyone would be a lot happier.
\Carl Hutzler
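
The policy described in the post above (block outbound port 25 from end-user address space, whitelist the subscribers who run mail servers, leave port 587 alone, and log), sketched as an added example that is not part of Carl Hutzler's original text. The address ranges, whitelist entry, flow-line format and function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values, constructed for illustration (documentation address ranges).
SUBSCRIBER_POOL = ipaddress.ip_network("198.51.100.0/24")        # consumer DHCP pool
MAIL_SERVER_WHITELIST = {ipaddress.ip_address("198.51.100.25")}  # subscriber who signed up

def decide(src, dst_port):
    """Return (action, reason) for one outbound TCP connection attempt."""
    src = ipaddress.ip_address(src)
    if dst_port != 25:
        return "allow", "not-port-25"              # e.g. authenticated submission on 587
    if src not in SUBSCRIBER_POOL:
        return "allow", "not-end-user-space"       # server-to-server (MTA) traffic
    if src in MAIL_SERVER_WHITELIST:
        return "allow", "whitelisted-mail-server"  # the <<1% running their own server
    return "block", "end-user-port25"

def review(flow_lines):
    """Apply the policy to 'src dst dport' lines; return decisions and blocked counts per source."""
    decisions, blocked = [], {}
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue                               # skip malformed records
        src, dst, dport = parts[0], parts[1], int(parts[2])
        try:
            action, reason = decide(src, dport)
        except ValueError:
            continue                               # source is not a valid IP address
        decisions.append((src, dst, dport, action, reason))
        if action == "block":
            # The logging half of the policy: repeated hits flag a likely infected host.
            blocked[src] = blocked.get(src, 0) + 1
    return decisions, blocked

# Constructed sample flow records, not real traffic.
SAMPLE_FLOWS = [
    "198.51.100.7 203.0.113.10 25",
    "198.51.100.7 203.0.113.11 25",
    "198.51.100.7 203.0.113.12 25",
    "198.51.100.25 203.0.113.10 25",
    "198.51.100.40 192.0.2.5 587",
    "192.0.2.5 203.0.113.10 25",
    "garbage line",
]

if __name__ == "__main__":
    decisions, blocked = review(SAMPLE_FLOWS)
    for d in decisions:
        print(*d)
    print("blocked attempts per source:", blocked)
```

The per-source count of blocked attempts is what makes the block useful beyond stopping the mail itself: a subscriber address that keeps hitting the rule is a candidate for notification and cleanup.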



