[129347] in North American Network Operators' Group
Re: ISP port blocking practice
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Sep 3 08:45:42 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <21142480.561.1283486205029.JavaMail.franck@franck-martins-macbook-pro.local>
Date: Fri, 3 Sep 2010 05:18:38 -0700
To: Franck Martin <franck@genius.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
It may be a recommended practice from MAAWG, but, it's still damage to the network which is often routed around. It's a minor inconvenience to spammers and a slightly bigger problem for legitimate users. I don't see the win here. Just because they recommend it doesn't make it a good recommendation.
MAAWG appears to have a single priority... Reducing spam by whatever means possible, regardless of cost or efficacy. Some of their recommendations (most, even) are good and useful. Some are easy to implement, ineffective, and ill-conceived. Outbound blocking of port 25 from people attempting to reach their home MTA/MSA with TLS and SMTP-AUTH just because they don't have a static address is an example of easy to implement, ineffective, and ill-conceived.
Owen
On Sep 2, 2010, at 8:56 PM, Franck Martin wrote:
> Blocking outbound port 25 in certain conditions (mainly anything with a dynamic IPv4), is a recommended practice from MAAWG.org and others, they have a few useful documents for ISPs to deal with their network.
>
> ----- Original Message -----
> From: "Owen DeLong" <owen@delong.com>
> To: "Zhiyun Qian" <zhiyunq@umich.edu>
> Cc: "NANOG list" <nanog@nanog.org>
> Sent: Friday, 3 September, 2010 3:48:20 PM
> Subject: Re: ISP port blocking practice
>
> We should be seeking to stop damaging the network for ineffective anti-spam measures (blocking outbound 25 for example) rather than to expand this practice to bidirectional brokenness.
>
> Owen
>
> Sent from my iPad
>
> On Sep 3, 2010, at 12:25 PM, Zhiyun Qian <zhiyunq@umich.edu> wrote:
>
>> I skimmed through these specs. They are useful but seem to be related only to IP spoofing prevention. I see that IP spoofing is part of the asymmetric routing story. But I was more thinking that given that IP spoofing is not widely adopted, the other defense that they can perhaps more easily implement is to block incoming traffic with source port 25 (if they already decided to block outgoing traffic with destination port 25). But according to our study, most of the ISPs didn't do that at the time of study (probably still true today).
>>
>> -Zhiyun
>> On Sep 2, 2010, at 9:20 PM, Suresh Ramasubramanian wrote:
>>
>>> BCP38 / RFC2827 were created specifically to address some quite
>>> similar problems. And googling either of those two strings on nanog
>>> will get you a lot of griping and/or reasons as to why these aren't
>>> being more widely adopted :)
>>>
>>> --srs
>>>
>>> On Fri, Sep 3, 2010 at 7:47 AM, Zhiyun Qian <zhiyunq@umich.edu> wrote:
>>>> Suresh, thanks for your interest. I see you've had a lot of experience in fighting spam, so you must have known this. Yes, I know this spamming technique has been around for a while. But it's surprising to see that the majority of the ISPs that we studied are still vulnerable to this attack. That probably indicates that it is not as widely known as we would expect. So I thought it would be beneficial to raise the awareness of the problem.
>>>>
>>>> In terms of more results, the paper is the most detailed document we have. Otherwise, if you are interested in the data that we collected (which ISPs or IP ranges are vulnerable to this attack), we can chat offline.
>>>>
>>>> Regards.
>>>> -Zhiyun
>>>
>>>
>>
>