[59277] in North American Network Operators' Group
Re: ISPs are asked to block yet another port
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Mon Jun 23 14:16:58 2003
Date: Mon, 23 Jun 2003 14:16:10 -0400 (EDT)
From: jlewis@lewis.org
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3d6h4k78d.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
On 23 Jun 2003, Paul Vixie wrote:
> 3) thoughtless reactionism at isp's does little good and sometimes some harm.
>
> take for example port-25 blocking. i've been getting relayprobed all
> weekend by someone who gets around outbound at&t's tcp/25 SYN blocking
> by sending their SYN's through a provider who shall remain nameless
...
> so if you're going to block tcp/25 SYNs on outbound, please make sure
> you block SYN/ACK's on input too, or else you just give the spammers a
> little more work to do instead of a lot more work to do.
We used to provide dial-up ports to a large cut-rate dial provider who I'm
not going to name. Their reaction to such games was to send in their
radius auth packets data filters to block both outgoing to port 25 and
incoming from port 25.
There's nothing silly about restricting use of tcp/25 for dial-ups and
other dynamics...you just have to do it right to be 100% effective.
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
