Comcast Blocks Port 25: Why Was it Ever Open?

Network News Break: ISP Comcast has taken to blocking port 25 when it detects spam-like traffic levels. It's a good move the company says has reduced spam coming out of its net by 20 percent. Why isn't the block default behavior? Also: MIMO pushes WLANs further, HP spruces up its network management tools, and just in time for VoWLAN, we get a crash course in question-asking.

By Michael Hall | Posted Jun 14, 2004

Late last week we caught an item regarding cable telco NTL's decision to block a bevy of ports used to propagate Windows-based worms. "Good news," we said. Even more pleasing to read today is an item in the Washington Post that notes cable ISP Comcast has taken to examining its networks and blocking port 25, the SMTP port, on addresses that appear to be sending large quantities of spam.

As reported by EnterpriseITPlanet:

According to the report, administrators are currently only blocking ports to the most obvious offenders. Unknowingly infected users should note no difference, although periodic anti-virus scans are recommended (who knows what else they're infected with). A blanket block of port 25 is not in effect.

A company spokeswoman is quoted as saying that due to their recent efforts, spam sent from their network has been cut by 20%. Given that an estimated 9 out of 10 of all email in the U.S. is spam, that is a measurable savings in bandwidth.

The only piece of bad news we care to point out is the apparent ongoing debate among ISPs over whether a blanket block of port 25 is appropriate or not, because with only a minor qualification, we're certain it's something that should have been implemented by everyone as the growth of broadband made the zombie spam machine a reality.

Some qualifications apply, because some people prefer to run their own mail servers over their broadband connections for perfectly legitimate reasons, but we don't see the issue with requiring a new broadband subscriber to check a box in the service application indicating that they wish port 25 to remain unblocked. It's slightly less convenient, perhaps, but it keeps the vast majority of home users who don't even know what SMTP is in a corral, where they belong, far away from those of us trying to maintain the commons that is the Internet.

ISPs looking for inspiration on how to handle the matter could do worse than to consider Portland, Oregon-area Easystreet, which has a permissive policy on users running their own servers, but also has a stiff fine in store for unwary amateur admins who maintain open relays either unwittingly or out of laziness. Combined with a default block of port 25, such a policy seems like it could do a lot to help keep the commons less tragic.

Elsewhere:

» Bliss or disaster? Intranet Journal has a brief bit that ties in nicely with the latest feature up on our front page today. The Journal article's about the value of asking questions when you're an IT person in the midst of a project. Our feature is about the advent of VoWLAN. So what do they have to do with each other? As our author noted:

Unless you were a tiny company that had an IT generalist, the data and telecom support staff have, until recently, not needed to learn each other's methodologies and equipment. The current trend is to merge the support functions and staff for more efficient operations, but there is still a time lag in training and operational efficiencies, as the staff learn the new equipment and procedures.

VoWLAN is more than a tricky concoction of mixed technologies; it's an intersection of several areas of networking and management. Learning to ask questions is a skill you'll probably need soon if VoWLAN is coming to your network.

» HP announced extensions to OpenView, including OpenView Route Analytics Management System, which the company says "[will] identify and patch failures up to 80 percent faster. The software provides such data as problem identification updates every 15 seconds. The product manages the network as a service, not as IT infrastructure..."

» Heard of MIMO? It's an antenna technology its developers say can push Wi-Fi throughput to upwards of 108Mbps. Wi-Fi Planet reports it's beginning to gather momentum, though its inclusion in any 802.11 specification could be months or years off.

The Week in CrossNodes

» VoWLAN: The Wireless Voice Future is Here ... Almost

VoWLAN might be the chocolate and peanut butter of networking, but the convergence of VoIP and wireless freedom has its share of snags. Here's what you need to know.

» Squid Puts the Squeeze on Net Wrongdoers (Part 2)

Between online deathmatches, hearts tournaments, and sports bookies, your network might be looking more like a playground than a place to get work done. Here's how to use Squid to button down the traffic and make sure your more slippery users don't slide out of its grasp.

» Three LDAP Browsers for the Asking

Getting your information in a directory is just half the battle: The other half is finding it. Here are three LDAP browsers, free of charge and up to the task of digging through your data.

» FaceTime Makes IM as Safe as Talking Face-to-Face

With IM use at critical mass and growing, security and privacy challenges abound. FaceTime's enterprise-grade server suite monitors, archives, and analyzes IM traffic for thousands of users without requiring thousands of admin hours.

Network News Break is CrossNodes' daily summary of networking news and opinion, served up fresh daily. Please send your comments and suggestions to the editor.
