nanog mailing list archives
Re: ISP port blocking practice
From: Robert Beverly <rbeverly () rbeverly net>
Date: Thu, 9 Sep 2010 16:45:06 -0400
On Thu, Sep 02, 2010 at 04:59:57PM -0500, Zhiyun Qian wrote:
One of the high-level findings is that we developed probing techniques to verify that indeed most ISPs are only blocking 1) "outgoing traffic of destination port 25" instead of 2) "incoming traffic with source port 25", which means that these ISPs are vulnerable to the assymetric routing attack.
Folks interested in port blocking may also find useful another academic work we did a few years ago that sought to broadly characterize the prevalence of port blocking, albeit under the guise of neutrality: http://rbeverly.net/research/papers/truck-pam07.html While we found that email ports (e.g. 25, 110, 143) were more than twice as likely to be blocked than a control port, other ports such as 136 were more widely blocked (136 is an innocuous profile port, but often suffers collateral damage because it lies between the microsoft and netbios 135-139 ports). Also, the asymmetric spam problem is covered in some detail in our 2009 IMC spoofer paper: http://rbeverly.net/research/papers/spoofer-imc09.html rob
Current thread:
- Re: ISP port blocking practice, (continued)
- Re: ISP port blocking practice Suresh Ramasubramanian (Sep 06)
- Re: ISP port blocking practice Randy Bush (Sep 06)
- Re: ISP port blocking practice Suresh Ramasubramanian (Sep 06)
- Re: ISP port blocking practice Randy Bush (Sep 07)
- Re: ISP port blocking practice John Levine (Sep 09)
- Re: ISP port blocking practice Owen DeLong (Sep 05)
- RE: ISP port blocking practice Brian Johnson (Sep 13)
- Re: RE: ISP port blocking practice Joshua William Klubi (Sep 13)
- Re: ISP port blocking practice Franck Martin (Sep 02)
- Re: ISP port blocking practice Owen DeLong (Sep 03)