John Kreno on 27 Aug 2009 06:39:27 -0700



Re: [PLUG] Verizon blocking port 25


Really, when it comes down to it. Despite the laws that may exist, it is up to the individuals in society to police themselves. I guess that's what I was getting at. I mean anymore you do have some very socialist avenues in the US that you could pursue, but even they require some intervention from the person seeking them. The picture you paint is one of state control. I don't see why anyone would do that. The internet is one of those last bastions of freedom. 

On Wed, Aug 26, 2009 at 5:56 PM, <bergman@merctech.com> wrote:


In the message dated: Wed, 26 Aug 2009 16:59:44 EDT,
The pithy ruminations from John Kreno on
<Re: [PLUG] Verizon blocking port 25> were:

=>
=> Hi,
=>
=>  Long time listener, first time caller. I think even though that Verizon in
=> this case is a residential provider, that an ISP should not filter any ports
=> for any reason. It should be the customer's responsibility to perform due

Absolutely, in the best of all worlds.

However, the customers, by-and-large, are clueless and incapable of keeping
their machines from becoming virus-infected zombies that steal passwords and
spew out spam. Excluding people on this list, of course. :)

=> diligence. The internet should be as open as possible, much like the real
=> world. But the end user should be diligent to keep their own end points
=> secure.
=>
=> - John
=>


What "real world" do you live in? To perpetuate a flawed but common analogy, if
the "Internet" is a highway system, then high-speed access from Verizon (and
Comcast, etc.) is much like a private toll road. The last time I looked, those
roads had very specific regulations--not just in terms of cost, but in terms of
the size, width, height, weight, speed, and payload of your vehicle.

Think of a typical home computer with a broadband connection as a pickup truck
traveling down the road. The driver's got a birthday card for Dear Old Mom
sitting on the front seat next to him, and he wants to get onto the private
toll road to deliver the card to Mom. Unfortunately, he's also got a dripping
load of asbestos, used motor oil, and rotting kitchen scraps that unscrupulous
waste disposal firms (hackers) tossed into the back of the truck when he wasn't
looking. The toll taker can smell the truck coming before he even approaches the
EZ-Pass lane, and flags him over. That's what network egress filtering is like.


[DISCLAIMER]
I'm not a Verizon customer... I haven't read the details of their filtering &
port blocking.... I put in some effort to get around (tunneling through)
Comcast's port 25 blocks, so it's not as if I like the concept, but I think
it's got some practical benefits.
[/DISCLAIMER]

Mark



=> On Wed, Aug 26, 2009 at 4:45 PM, Randall A Sindlinger <
=> rsindlin+plug@seas.upenn.edu <rsindlin%2Bplug@seas.upenn.edu>> wrote:
=>
=> > On Wed, Aug 26, 2009 at 03:48:41PM -0400, jeff wrote:
=> > > Greg Helledy wrote:
=> > > > need to use port 587 when on the Verizon network and 25 elsewhere.
=> > > > What exactly is Verizon achieving by doing this
=> > >
=> > > annoying the most people possible.
=> > > That is apparently its own reward.
=> > >
=> >
=> > It might be annoying, but that's not the goal.  By far, most people connect
=> > to port 25 *un*encrypted. (I know all of you manually configured your email
=> > clients to use StartTLS or SSL, though, right?)
=> >
=> > As far as packet sniffing goes, port 25 is the best place to pick up
=> > people's
=> > usernames and passwords, since its default mode is cleartext.  Once someone
=> > has that, at best they can send _authenticated_ spam using that account.
=> > Or worse, they can start trying that username/pw on every banking, social
=> > networking, and shopping site they can find, and, well, try *that* for
=> > annoying.
=> >
=> > Quite frankly, I think Verizon is behind the curve on this.  Anybody that
=> > has
=> > thought much about security has mostly already done this, afaik.
=> >
=> > -Randall
=> >
=> > ___________________________________________________________________________
=> > Philadelphia Linux Users Group         --
=> > http://www.phillylinux.org
=> > Announcements -
=> > http://lists.phillylinux.org/mailman/listinfo/plug-announce
=> > General Discussion  --
=> > http://lists.phillylinux.org/mailman/listinfo/plug
=> >
=>
=>
=>
=> --
=> John Kreno
=>
=> "Those who would sacrifice essential liberties for a little temporary safety
=> deserve neither liberty nor safety." - Ben Franklin
=>
=>






--
John Kreno

"Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - Ben Franklin
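
Added example, not part of the original thread: the point quoted above about port 25 defaulting to cleartext, while port 587 clients are expected to use StartTLS, can be checked from a mail client's own SMTP log. The "C:" / "S:" log format, the host names and both sample sessions are constructed for illustration.

```python
import re

def audit_smtp_session(lines):
    """Audit one SMTP dialogue given as 'C: ...' / 'S: ...' log lines.

    Reports whether the server offered STARTTLS and whether the client sent
    AUTH before TLS was negotiated (credentials readable on the wire).
    """
    result = {"starttls_offered": False, "auth_in_clear": False, "mechanism": None}
    tls_active = False
    awaiting_tls_reply = False
    for raw in lines:
        side, _, text = raw.strip().partition(": ")
        if side == "S":
            if re.match(r"250[- ]STARTTLS\b", text, re.IGNORECASE):
                result["starttls_offered"] = True
            elif awaiting_tls_reply:
                # 220 means the server accepted; the TLS handshake follows.
                tls_active = text.startswith("220")
                awaiting_tls_reply = False
        elif side == "C":
            words = text.split()
            verb = words[0].upper() if words else ""
            if verb == "STARTTLS":
                awaiting_tls_reply = True
            elif verb == "AUTH" and not tls_active:
                result["auth_in_clear"] = True
                result["mechanism"] = words[1].upper() if len(words) > 1 else None
    return result

# Constructed sample: client on port 25 ignores the STARTTLS offer.
PORT25_SESSION = [
    "S: 220 mail.example.net ESMTP", "C: EHLO laptop.example.net",
    "S: 250-mail.example.net", "S: 250-STARTTLS", "S: 250 AUTH PLAIN LOGIN",
    "C: AUTH PLAIN <redacted>", "S: 235 2.7.0 Authentication successful",
]
# Constructed sample: client on port 587 upgrades to TLS before AUTH.
PORT587_SESSION = [
    "S: 220 mail.example.net ESMTP", "C: EHLO laptop.example.net",
    "S: 250-mail.example.net", "S: 250 STARTTLS", "C: STARTTLS",
    "S: 220 2.0.0 Ready to start TLS", "C: EHLO laptop.example.net",
    "S: 250 AUTH PLAIN LOGIN", "C: AUTH PLAIN <redacted>",
    "S: 235 2.7.0 Authentication successful",
]

if __name__ == "__main__":
    print("port 25 :", audit_smtp_session(PORT25_SESSION))
    print("port 587:", audit_smtp_session(PORT587_SESSION))
```

A session flagged with auth_in_clear while starttls_offered is true points at a client setting to fix rather than a server limitation.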