[129332] in North American Network Operators' Group


Re: ISP port blocking practice

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Sep 2 23:54:38 2010

From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <D1DB0311-0EE9-4A4A-B458-7A5FC8C30990@delong.com>
Date: Thu, 2 Sep 2010 23:54:28 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sep 2, 2010, at 11:48 PM, Owen DeLong wrote:

> We should be seeking to stop damaging the network for ineffective anti spam measures (blocking outbound 25 for example) rather than to expand this practice to bidirectional brokenness.

Since at least part of your premise ('ineffective anti-spam measures') has been objectively proven false to fact for many years, I guess we can ignore the rest of your note.

But thanx for playing. :)

Also, just so everyone doesn't think I'm in favor of "damaging" the network, I would much prefer a completely open 'Net. Who wouldn't? Since that is not possible, we have to do what we can to damage the network as little as possible. Port 25 blocking is completely unnoticeable to something on the order of 5-nines worth of users, and the rest should know how to get around it with a minimum of fuss (including things like "ask your provider to unblock" in many cases).

--
TTFN,
patrick


> On Sep 3, 2010, at 12:25 PM, Zhiyun Qian <zhiyunq@umich.edu> wrote:
>
>> I skimmed through these specs. They are useful but seem only related to IP spoofing prevention. I see that IP spoofing is part of the asymmetric routing story. But I was more thinking that given that IP spoofing is not widely adopted, the other defense that they can perhaps more easily implement is to block incoming traffic with source port 25 (if they already decided to block outgoing traffic with destination port 25). But according to our study, most of the ISPs didn't do that at the time of study (probably still true today).
>>
>> -Zhiyun
>> On Sep 2, 2010, at 9:20 PM, Suresh Ramasubramanian wrote:
>>
>>> BCP38 / RFC2827 were created specifically to address some quite
>>> similar problems.  And googling either of those two strings on nanog
>>> will get you a lot of griping and/or reasons as to why these aren't
>>> being more widely adopted :)
>>>
>>> --srs
>>>
>>> On Fri, Sep 3, 2010 at 7:47 AM, Zhiyun Qian <zhiyunq@umich.edu> wrote:
>>>> Suresh, thanks for your interest. I see you've had a lot of experience in fighting spam, so you must have known this. Yes, I know this spamming technique has been around for a while. But it's surprising to see that the majority of the ISPs that we studied are still vulnerable to this attack. That probably indicates that it is not as widely known as we would expect. So I thought it would be beneficial to raise the awareness of the problem.
>>>>
>>>> In terms of more results, the paper is the most detailed document we have. Otherwise, if you are interested in the data that we collected (which ISPs or IP ranges are vulnerable to this attack), we can chat offline.
>>>>
>>>> Regards.
>>>> -Zhiyun


