[129331] in North American Network Operators' Group
Re: ISP port blocking practice
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Sep 2 23:48:47 2010
From: Owen DeLong <owen@delong.com>
To: Zhiyun Qian <zhiyunq@umich.edu>
In-Reply-To: <ADDAD2C4-04B0-4E61-AF65-826186A4BD94@umich.edu>
Date: Fri, 3 Sep 2010 13:18:20 +0930
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
We should be seeking to stop damaging the network for ineffective
anti-spam measures (blocking outbound 25 for example) rather than to
expand this practice to bidirectional brokenness.
Owen
Sent from my iPad
On Sep 3, 2010, at 12:25 PM, Zhiyun Qian <zhiyunq@umich.edu> wrote:
> I skimmed through these specs. They are useful but seem only related
> to IP spoofing prevention. I see that IP spoofing is part of the
> asymmetric routing story. But I was more thinking that given that IP
> spoofing is not widely adopted, the other defense that they can
> perhaps more easily implement is to block incoming traffic with source
> port 25 (if they already decided to block outgoing traffic with
> destination port 25). But according to our study, most of the ISPs
> didn't do that at the time of study (probably still true today).
>
> -Zhiyun
> On Sep 2, 2010, at 9:20 PM, Suresh Ramasubramanian wrote:
>
>> BCP38 / RFC2827 were created specifically to address some quite
>> similar problems. And googling either of those two strings on nanog
>> will get you a lot of griping and/or reasons as to why these aren't
>> being more widely adopted :)
>>
>> --srs
>>
>> On Fri, Sep 3, 2010 at 7:47 AM, Zhiyun Qian <zhiyunq@umich.edu> wrote:
>>> Suresh, thanks for your interest. I see you've had a lot of
>>> experience in fighting spam, so you must have known this. Yes, I know
>>> this spamming technique has been around for a while. But it's
>>> surprising to see that the majority of the ISPs that we studied are
>>> still vulnerable to this attack. That probably indicates that it is
>>> not as widely known as we would expect. So I thought it would be
>>> beneficial to raise the awareness of the problem.
>>>
>>> In terms of more results, the paper is the most detailed document we
>>> have. Otherwise, if you are interested in the data that we collected
>>> (which ISPs or IP ranges are vulnerable to this attack), we can chat
>>> offline.
>>>
>>> Regards.
>>> -Zhiyun
>>
>>
>