[59281] in North American Network Operators' Group
Re: ISPs are asked to block yet another port
daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Jun 23 16:20:56 2003
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
In-Reply-To: Message from "Christopher L. Morrow" <chris@UU.NET>
of "Mon, 23 Jun 2003 19:49:09 GMT."
<Pine.GSO.4.53.0306231942540.23433@rampart.argfrp.us.uu.net>
Date: Mon, 23 Jun 2003 20:20:22 +0000
Errors-To: owner-nanog-outgoing@merit.edu
> Its a sucky world sometimes. Perhaps Paul complained to
> ATT/<other-unnamed-provider> with logs and such? :)
oh yes. i tried *several* ways to get their attention. however, this
kind of activity is so common these days that a noc literally has no
choice but to focus their efforts on less common and more damaging
things than relayprobing. so i was not shocked that they did not
answer me.
> > so if you're going to block tcp/25 SYNs on outbound, please make sure
> > you block SYN/ACK's on input too, or else you just give the spammers a
> > little more work to do instead of a lot more work to do.
>
> Yup, this is in the works also... and yes, someone realized quickly enough
> that the one-way filtering was dumb. oh well. live and learn!
that's good news, thanks for sharing it. any schedule for a fix :-) ??
