[118523] in North American Network Operators' Group


Re: ISP port blocking practice

daemon@ATHENA.MIT.EDU (Justin Shore)
Thu Oct 22 19:30:24 2009

Date: Thu, 22 Oct 2009 18:27:14 -0500
From: Justin Shore <justin@justinshore.com>
To: Zhiyun Qian <zhiyunq@umich.edu>
In-Reply-To: <0A08271D-49B9-4382-9F54-1A0BB6A3F2B2@umich.edu>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Zhiyun Qian wrote:
> 1). For any outgoing traffic, if the destination port is 25, then drop 
> the packets.
> 2). For any incoming traffic, if the source port is 25, then drop the 
> packets.

It's been pointed out that I glossed over the wording of #2, specifically 
missing the "source port" part of it, thus giving the right answer to 
the wrong question.  :-)

To answer your question, all our tcp/25 filters are based on destination 
port.  I could use source port but really I'm more concerned with my 
customers not running SMTP servers in one direction and them not being 
able to send spam in the other.  Using source port needlessly 
complicates those goals IMHO.  Someone might have a specific reason to 
use it but I don't in my case at least.

Justin
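
An added example, not part of the original message or of the poster's actual router configuration: a minimal stateless-filter model in Python that evaluates the two quoted rules and a destination-port-only tcp/25 filter against constructed packets. Applying the destination-port filter in both directions is an assumption drawn from the reply; the class and function names, the ephemeral ports and the port 587 sample are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = customer -> Internet, "in" = Internet -> customer
    sport: int
    dport: int
    note: str

def quoted_rules_drop(p: Packet) -> bool:
    """Rules 1 and 2 as quoted: outbound dst port 25, inbound src port 25."""
    return (p.direction == "out" and p.dport == 25) or \
           (p.direction == "in" and p.sport == 25)

def dest_port_drop(p: Packet) -> bool:
    """Destination-port-only filter, assumed applied in both directions."""
    return p.dport == 25

# Constructed sample packets (ephemeral port numbers are arbitrary).
PACKETS = [
    Packet("out", 50000, 25, "customer client -> remote MTA"),
    Packet("in", 25, 50000, "remote MTA reply to customer client"),
    Packet("in", 40000, 25, "remote client -> customer-run SMTP server"),
    Packet("out", 25, 40000, "customer-run SMTP server reply"),
    Packet("out", 50001, 587, "customer client -> submission port"),
]

def compare(packets=PACKETS):
    """Return (note, dropped_by_quoted_rules, dropped_by_dest_port) per packet."""
    return [(p.note, quoted_rules_drop(p), dest_port_drop(p)) for p in packets]

def differing(packets=PACKETS):
    """Rows where the two policies disagree."""
    return [row for row in compare(packets) if row[1] != row[2]]

if __name__ == "__main__":
    for note, quoted, dest in compare():
        print(f"{note:45} quoted={'DROP' if quoted else 'pass':4} "
              f"dest-port={'DROP' if dest else 'pass'}")
```

The two policies differ on exactly two packets: the quoted rules do not match an inbound connection to a customer-run SMTP server, while the destination-port filter does. The destination-port filter does not match the remote MTA's reply, which never arrives because the initiating outbound packet was already dropped.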


