nanog mailing list archives
Re: Port 25 filters - how many here deploy them bidirectionally?
From: Joe Rhett <jrhett () meer net>
Date: Tue, 11 Jan 2005 16:41:14 -0800
On Sun, Jan 09, 2005 at 07:55:17PM +0530, Suresh Ramasubramanian wrote:
> 1) SYN - Worm emails / spam goes out from another provider, with the source address spoofed to be the IP of a trojaned PC
> 2) ACK - Receiving network sends an ACK back to the forged source IP, and the trojan on that IP proxies this back to the actual spam source.
> 3) SYNACK - sent by the actual spam source to your network.

Only if you are only filtering SYNs. If you block ALL port 25 traffic, this won't work.

> Applying port 25 filters both ways (inbound and outbound to your dialup pool, instead of just outbound port 25 filtering) would help in such a situation.

Inbound 25 filtering has nothing to do with the situation listed above. Or are you using inbound and outbound to refer to packet flow on the interface rather than session flow? Must be confusing Cisco terms with actual networking again ;-)

--
Joe Rhett
Senior Geek
Meer.net
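
An added example, not part of the original message: a stateless filter model, evaluated at the dialup pool's edge, showing which packets of the spoofed flow discussed in this thread each style of port 25 filter drops. The addresses, port numbers, relay port, TCP flags and policy names are constructed assumptions.

```python
from collections import namedtuple

# direction is relative to the dialup pool: "out" leaves the pool, "in" enters it.
Pkt = namedtuple("Pkt", "direction src sport dst dport flags")

# Constructed addresses (RFC 5737 documentation ranges).
POOL_HOST = "192.0.2.10"      # trojaned PC in the dialup pool
MAIL_SRV = "198.51.100.25"    # receiving network's mail server
SPAM_SRC = "203.0.113.7"      # actual source, on another provider
RELAY_PORT = 8080             # assumption: the thread does not say how the trojan proxies

# What the pool's edge sees in the spoofed flow. The spoofed packets from
# SPAM_SRC to MAIL_SRV never cross this edge; only the replies and the relay do.
SPOOFED_FLOW = [
    Pkt("in", MAIL_SRV, 25, POOL_HOST, 40000, "SA"),
    Pkt("out", POOL_HOST, 40001, SPAM_SRC, RELAY_PORT, "PA"),
    Pkt("in", MAIL_SRV, 25, POOL_HOST, 40000, "PA"),
    Pkt("out", POOL_HOST, 40001, SPAM_SRC, RELAY_PORT, "PA"),
]

# Ordinary direct SMTP from the same host, for contrast.
DIRECT_FLOW = [
    Pkt("out", POOL_HOST, 40002, MAIL_SRV, 25, "S"),
    Pkt("in", MAIL_SRV, 25, POOL_HOST, 40002, "SA"),
    Pkt("out", POOL_HOST, 40002, MAIL_SRV, 25, "A"),
]

# Each policy returns True when the packet is dropped.
POLICIES = {
    "outbound SYN only": lambda p: p.direction == "out" and p.dport == 25 and p.flags == "S",
    "outbound dport 25": lambda p: p.direction == "out" and p.dport == 25,
    "all port 25": lambda p: 25 in (p.sport, p.dport),
}

def dropped(policy, flow):
    """Return the packets of `flow` that the named stateless policy drops."""
    return [p for p in flow if POLICIES[policy](p)]

def mail_replies_delivered(policy, flow):
    """Count mail-server replies (source port 25) that still reach the pool."""
    blocked = dropped(policy, flow)
    return sum(1 for p in flow
               if p.direction == "in" and p.sport == 25 and p not in blocked)

if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:18} direct dropped={len(dropped(name, DIRECT_FLOW))} "
              f"spoofed replies delivered={mail_replies_delivered(name, SPOOFED_FLOW)}")
```

In this model both outbound-only policies leave the mail server's replies reaching the pool host, while the policy that matches port 25 as either source or destination drops them.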