[84486] in North American Network Operators' Group
Re: mail service with no mx (was - Re: Computer systems blamed for
daemon@ATHENA.MIT.EDU (Crist Clark)
Tue Sep 13 20:43:51 2005
Date: Tue, 13 Sep 2005 17:43:20 -0700
From: Crist Clark <crist.clark@globalstar.com>
In-reply-to: <20050913235950.GA16550@flounder.net>
To: nanog <nanog@merit.edu>
Reply-To: crist.clark@globalstar.com
Errors-To: owner-nanog@merit.edu

Adam McKenna wrote:
> On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
>
>>Telnet option negotiation is at Layer 7 after TCP connection has been
>>established. Firewalls typically don't operate at this level (TCP session
>>is Layer 4 if I remember right) and would refuse or reject (different
>>type of ICMP response) based solely on attempt to connect to certain
>>ip or certain TCP/UDP port.
>
>
> Application layer firewalls have existed for at least 6 years.

AAAAAAAAAAAGGGGGGGGGGHHHHHH!

But the point is that you would still establish a TCP connection
before an MTA, firewall, IPS, or whatever could know it was telnet!
The FEMA address that started this whole thing was timing out. You
can tell the difference between a telnet filter and something
completely, silently blocking 25/tcp.

CAN THIS DIE NOW? Pulllleeeeeese...

--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
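
The distinction drawn in the message above, as an added example that is not part of the original post: a connect to 25/tcp either completes the handshake (so any telnet or protocol filter is acting above TCP), is actively rejected, or times out because the packets are silently dropped. The verdict names and the `probe`/`classify_error` helpers are this example's own, and the host to check is supplied on the command line.

```python
import errno
import socket
import sys

# Verdict names are this example's own labels (assumption, not from the thread).
ESTABLISHED = "established"  # handshake completed; any filtering is above TCP
REJECTED = "rejected"        # RST or ICMP unreachable came back
SILENT_DROP = "silent-drop"  # nothing came back before the timeout

def classify_error(exc):
    """Map a failed connect() to a verdict from the exception it raised."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return SILENT_DROP
    if isinstance(exc, ConnectionRefusedError):
        return REJECTED
    # ICMP unreachable (the local stack can also report these with no route).
    if getattr(exc, "errno", None) in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return REJECTED
    raise exc  # DNS failure, local error, etc.: not a verdict about the path

def probe(host, port=25, timeout=5.0):
    """Return (verdict, greeting) for a TCP connect to host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify_error(exc), b""
    with sock:
        try:
            greeting = sock.recv(512)  # SMTP servers speak first (220 ...)
        except OSError:
            greeting = b""             # connected, but nothing was sent in time
    return ESTABLISHED, greeting

if __name__ == "__main__":
    # Usage: script.py HOST [PORT]; HOST is the mail host being debugged.
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    verdict, greeting = probe(host, port)
    print(f"{host}:{port} -> {verdict} {greeting[:80]!r}")
```

A timeout like the one reported for the FEMA address comes back as `silent-drop`; a device that filters on application content can only show up after an `established` result.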