John Kreno on 26 Aug 2009 14:06:08 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Verizon blocking port 25


Hi,

 Long time listener, first time caller. I think even though that Verizon in this case is a residential provider, that an ISP should not filter any ports for any reason. It should be the customer's responsibility to perform due diligence. The internet should be as open as possible, much like the real world. But the end user should be diligent to keep their own end points secure.

- John

On Wed, Aug 26, 2009 at 4:45 PM, Randall A Sindlinger <rsindlin+plug@seas.upenn.edu> wrote:
On Wed, Aug 26, 2009 at 03:48:41PM -0400, jeff wrote:
> Greg Helledy wrote:
> > need to use port 587 when on the Verizon network and 25 elsewhere.  What
> > exactly is Verizon achieving by doing this
>
> annoying the most people possible.
> That is apparently its own reward.
>

It might be annoying, but that's not the goal.  By far, most people connect
to port 25 *un*encrypted. (I know all of you manually configured your email
clients to use StartTLS or SSL, though, right?)

As far as packet sniffing goes, port 25 is the best place to pick up people's
usernames and passwords, since its default mode is cleartext.  Once someone
has that, at best they can send _authenticated_ spam using that account.
Or worse, they can start trying that username/pw on every banking, social
networking, and shopping site they can find, and, well, try *that* for
annoying.

Quite frankly, I think Verizon is behind the curve on this.  Anybody that has
thought much about security has mostly already done this, afaik.

-Randall

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
John Kreno

"Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - Ben Franklin
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug