[129329] in North American Network Operators' Group
Re: ISP port blocking practice
daemon@ATHENA.MIT.EDU (Zhiyun Qian)
Thu Sep 2 22:55:53 2010
From: Zhiyun Qian <zhiyunq@umich.edu>
In-Reply-To: <AANLkTin4+24KZYwAwpBvDDJSNK9fgXG3dKzcah-pxyVm@mail.gmail.com>
Date: Thu, 2 Sep 2010 21:55:41 -0500
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I skimmed through these specs. They are useful but seems only related =
specific to IP spoofing prevention. I see that IP spoofing is part of =
the asymmetric routing story. But I was more thinking that given that IP =
spoofing is not widely adopted, the other defenses that they can more =
perhaps more easily implement is to block incoming traffic with source =
port 25 (if they already decided to block outgoing traffic with =
destination port 25). But according to our study, most of the ISPs =
didn't do that at the time of study (probably still true today).
-Zhiyun
On Sep 2, 2010, at 9:20 PM, Suresh Ramasubramanian wrote:
> BCP38 / RFC2827 were created specifically to address some quite
> similar problems. And googling either of those two strings on nanog
> will get you a lot of griping and/or reasons as to why these aren't
> being more widely adopted :)
>=20
> --srs
>=20
> On Fri, Sep 3, 2010 at 7:47 AM, Zhiyun Qian <zhiyunq@umich.edu> wrote:
>> Suresh, thanks for your interest. I see you've had a lot of =
experience in fighting spam, so you must have known this. Yes, I know =
this spamming technique has been around for a while. But it's surprising =
to see that the majority of the ISPs that we studied are still =
vulnerable to this attack. That probably indicates that it is not as =
widely known as we would expect. So I thought it would be beneficial to =
raise the awareness of the problem.
>>=20
>> In terms of more results, the paper is the most detailed document we =
have. Otherwise, if you interested in the data that we collected (which =
ISPs or IP ranges are vulnerable to this attack). We can chat offline.
>>=20
>> Regards.
>> -Zhiyun
>=20
>=20
