[156028] in North American Network Operators' Group
Re: The End-To-End Internet (was Re: Blocking MX query)
daemon@ATHENA.MIT.EDU (Sean Harlow)
Tue Sep 4 15:22:22 2012
From: Sean Harlow <sean@seanharlow.info>
In-Reply-To: <11671130.23144.1346782974846.JavaMail.root@benjamin.baylink.com>
Date: Tue, 4 Sep 2012 15:21:25 -0400
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 4, 2012, at 14:22, Jay Ashworth wrote:
> I find these conflicting reports very conflicting. Either the end-to-end principle *is* the Prime Directive... or it is *not*.
Just because something is of extremely high importance does not mean it still can't be overridden when there's good enough reason.
In this case, in the majority of "random computer on the internet" IP blocks the ratio of spambots to legitimate mail senders is so far off balance that a whitelisting approach to allowing outbound port 25 traffic is not unreasonable. Unlike the bad kinds of NAT, this doesn't also indiscriminately block thousands of other uses; it exclusively affects email traffic in a way which is trivial for the legitimate user to work around while stopping the random infected hosts in their tracks.
Many providers also block traffic on ports like 137 (NetBIOS) on "consumer" space for similar reasons: the malicious or unwanted uses vastly outweigh the legitimate ones.
The reason bad NATs get dumped on is because there are better solutions both known and available on the market. If you have an idea for a way to allow your laptop to send messages directly while still stopping or minimizing the ability of the thousands of zombies sharing an ISP with you from doing the same, the world would love to hear it.
---
Sean Harlow
sean@seanharlow.info
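The policy the post argues for (outbound port 25 from consumer space only for whitelisted hosts or via the ISP's relay, submission ports left open, NetBIOS dropped) together with the fan-out pattern that distinguishes a zombie from a legitimate sender, as an added example that is not part of the original message. The address ranges, the relay, the whitelist entry and the flow records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing (documentation ranges), not taken from the post.
CONSUMER_BLOCK = ipaddress.ip_network("198.51.100.0/24")   # "random computer" space
WHITELIST = {ipaddress.ip_address("198.51.100.10")}        # customer who asked for direct SMTP
ISP_RELAY = ipaddress.ip_address("203.0.113.25")           # ISP smarthost, the easy workaround
FANOUT_THRESHOLD = 5                                       # distinct MX hosts before we flag

def egress_verdict(src, dst, dport):
    """Return 'allow' or 'drop' for one outbound flow, applying the consumer-space policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in CONSUMER_BLOCK:
        return "allow"                   # policy only covers consumer space
    if dport == 137:
        return "drop"                    # NetBIOS has no legitimate cross-Internet use here
    if dport == 25:
        if src in WHITELIST or dst == ISP_RELAY:
            return "allow"
        return "drop"
    return "allow"                       # 587/465 submission and everything else untouched

def smtp_fanout(flows):
    """Distinct port-25 destinations per non-whitelisted consumer source.

    A desktop that talks SMTP directly to many different MX hosts is the
    zombie pattern the post describes; a real client talks to one relay.
    """
    seen = defaultdict(set)
    for src, dst, dport in flows:
        s = ipaddress.ip_address(src)
        if dport == 25 and s in CONSUMER_BLOCK and s not in WHITELIST:
            seen[s].add(dst)
    return {str(s): len(d) for s, d in seen.items() if len(d) >= FANOUT_THRESHOLD}

# Constructed flow records (src, dst, dport); not real traffic.
FLOWS = [
    ("198.51.100.10", "192.0.2.1", 25),      # whitelisted mail server
    ("198.51.100.20", "203.0.113.25", 25),   # ordinary user via ISP relay
    ("198.51.100.20", "192.0.2.2", 587),     # ordinary user, submission port
    ("198.51.100.30", "203.0.113.99", 137),  # NetBIOS leak
] + [("198.51.100.40", f"192.0.2.{i}", 25) for i in range(1, 9)]  # infected host

def summarize(flows=FLOWS):
    """Count what the policy drops and which sources the fan-out check flags."""
    dropped = [f for f in flows if egress_verdict(*f) == "drop"]
    return {"dropped": len(dropped), "flagged": smtp_fanout(flows)}

if __name__ == "__main__":
    print(summarize())
```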