[118485] in North American Network Operators' Group


ISP port blocking practice

daemon@ATHENA.MIT.EDU (Zhiyun Qian)
Thu Oct 22 13:23:11 2009

From: Zhiyun Qian <zhiyunq@umich.edu>
Date: Thu, 22 Oct 2009 13:22:17 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hi all,

What is the common practice for enforcing port blocking policy (or
what is the common practice for you and your ISP)? More specifically,
when ISPs try to block a certain outgoing port (port 25 for instance),
they could do two rules:
1). For any outgoing traffic, if the destination port is 25, then drop
the packets.
2). For any incoming traffic, if the source port is 25, then drop the
packets.

Note that either of the rules would be able to block outgoing port 25
traffic since each rule essentially represents one direction in a TCP
flow. Of course, they could apply both rules. However, based on our
measurement study, it looks like most of the ISPs are only using rule
1). Is there any particular reason why rule 1) instead of rule 2)? Or
maybe both?

Also, is it common that the rules are based on TCP flags (e.g. SYN,
SYN-ACK)? One would think blocking SYN packets is good enough.

Regards.
-Zhiyun
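
As an added illustration that is not part of the original post: a small Python model of the two stateless rules from the message, plus the SYN-only variant it asks about, applied to a constructed three-way handshake. The `Packet` type, the port numbers 40000 and 587, and all function names are assumptions made for the example; retransmissions are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = subscriber -> Internet, "in" = Internet -> subscriber
    sport: int
    dport: int
    flags: frozenset    # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

# Each rule returns True when the packet must be dropped (stateless match).
def rule1(p):           # rule 1) from the post: outgoing, destination port 25
    return p.direction == "out" and p.dport == 25

def rule2(p):           # rule 2) from the post: incoming, source port 25
    return p.direction == "in" and p.sport == 25

def syn_only(p):        # flag-based variant: only the initial outgoing SYN
    return rule1(p) and p.flags == frozenset({"SYN"})

def handshake(client_port=40000, server_port=25):
    """Constructed three-way handshake from a subscriber host to a remote server."""
    return [
        Packet("out", client_port, server_port, frozenset({"SYN"})),
        Packet("in", server_port, client_port, frozenset({"SYN", "ACK"})),
        Packet("out", client_port, server_port, frozenset({"ACK"})),
    ]

def simulate(rules, packets):
    """Walk the handshake through the filter and stop at the first dropped
    packet, since each later packet is only sent in response to an earlier one."""
    delivered = []
    for p in packets:
        if any(r(p) for r in rules):
            break
        delivered.append(p)
    return {
        "established": len(delivered) == len(packets),
        "server_saw_syn": len(delivered) >= 1,   # first packet is the SYN
        "delivered": len(delivered),
    }

if __name__ == "__main__":
    for name, rules in [("rule 1", [rule1]), ("rule 2", [rule2]),
                        ("both", [rule1, rule2]), ("SYN only", [syn_only])]:
        print(f"{name:9}", simulate(rules, handshake()))
    # A destination port other than 25 is untouched by these filters.
    print("port 587 ", simulate([rule1, rule2], handshake(server_port=587)))
```

In this model every variant prevents the connection from being established, but under rule 2) alone the SYN still reaches the remote server and only the SYN-ACK is dropped on the way back.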

