[84481] in North American Network Operators' Group
Re: mail service with no mx (was - Re: Computer systems blamed for
daemon@ATHENA.MIT.EDU (william(at)elan.net)
Tue Sep 13 19:32:50 2005
Date: Tue, 13 Sep 2005 16:31:05 -0700 (PDT)
From: "william(at)elan.net" <william@elan.net>
To: Roy Badami <roy@gnomon.org.uk>
Cc: Joseph S D Yao <jsdy@center.osis.gov>, nanog@nanog.org
In-Reply-To: <17191.24126.714477.113319@giles.gnomon.org.uk>
Errors-To: owner-nanog@merit.edu
On Wed, 14 Sep 2005, Roy Badami wrote:
> william(at)elan> Could you elaborate on how firewall will
> william(at)elan> determine if the connection is from mail server
> william(at)elan> or from telnet on port 25?
>
> Perhaps because most telnet clients will attempt telnet option
> negotiation? If so one could avoid this by using a client such as
> netcat...
Telnet option negotiation is at Layer 7 after TCP connection has been
established. Firewalls typically don't operate at this level (TCP session
is Layer 4 if I remember right) and would refuse or reject (difference
type of ICMP response) based solely on attempt to connect to certain
ip or certain TCP/UDP port.
--
William Leibzon
Elan Networks
william@elan.net
