nanog mailing list archives
Re: ISP port blocking practice
From: Antonio Querubin <tony () lava net>
Date: Thu, 22 Oct 2009 07:32:42 -1000 (HST)
On Thu, 22 Oct 2009, Zhiyun Qian wrote:
the common practice for you and your ISP)? More specifically, when ISPs try to block certain outgoing port (port 25 for instance), they could do two rules: 1). For any outgoing traffic, if the destination port is 25, then drop the packets. 2). For any incoming traffic, if the source port is 25, then drop the packets.Note that either of the rule would be able to block outgoing port 25 traffic since each rule essentially represent one direction in a TCP flow. Of course, they could apply both rules. However, based on our measurement study, it looks like most of the ISPs are only using rule 1). Is there any particular reason why rule 1) instead of rule 2)? Or maybe both?
Because rule 1 prevents the target server from having to respond to the initial connection request in the first place thereby reducing load on the server and reducing network traffic. Ie. both rules prevent the connection but 1 stops it earlier.
Antonio Querubin 808-545-5282 x3003 e-mail/xmpp: tony () lava net
Current thread:
- ISP port blocking practice Zhiyun Qian (Oct 22)
- Re: ISP port blocking practice Antonio Querubin (Oct 22)
- Re: ISP port blocking practice Valdis . Kletnieks (Oct 22)
- Re: ISP port blocking practice Ricky Beam (Oct 22)
- Re: ISP port blocking practice Justin Shore (Oct 22)
- Re: ISP port blocking practice Lyndon Nerenberg (VE6BBM/VE7TFX) (Oct 22)
- Re: ISP port blocking practice Sean Donelan (Oct 22)
- Re: ISP port blocking practice Joe Maimon (Oct 22)
- Re: ISP port blocking practice Steve Bertrand (Oct 22)
- Re: ISP port blocking practice Lyndon Nerenberg (VE6BBM/VE7TFX) (Oct 23)
- Re: ISP port blocking practice Chris Boyd (Oct 23)
- Re: ISP port blocking practice Lyndon Nerenberg (VE6BBM/VE7TFX) (Oct 22)
- Re: ISP port blocking practice Justin Shore (Oct 22)