nanog mailing list archives
Re: ISPs are asked to block yet another port
From: Paul Vixie <vixie () vix com>
Date: 23 Jun 2003 17:56:50 +0000
chris () UU NET ("Christopher L. Morrow") writes:
ISP's could block all ports and save everyone the hassle of having an Internet.... (I am just kidding of course) Two interesting points though: 1) Spammers adapt 2) default insecure OS installs cause problems
3) thoughtless reactionism at isp's does little good and sometimes some harm. take for example port-25 blocking. i've been getting relayprobed all weekend by someone who gets around outbound at&t's tcp/25 SYN blocking by sending their SYN's through a provider who shall remain nameless (except that chris morrow happens to work there :-)) using at&t IP source addresses. i guess they multihomed their host and bind()'d the outbound socket to one interface even while making sure the routing used a different interface. high rocket science? NOT. so if you're going to block tcp/25 SYNs on outbound, please make sure you block SYN/ACK's on input too, or else you just give the spammers a little more work to do instead of a lot more work to do. -- Paul Vixie
Current thread:
- ISPs are asked to block yet another port Sean Donelan (Jun 22)
- Re: ISPs are asked to block yet another port Tony Rall (Jun 22)
- Re: ISPs are asked to block yet another port Jeff Kell (Jun 23)
- Re: ISPs are asked to block yet another port Peter E. Fry (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Jared Mauch (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)
- Re: ISPs are asked to block yet another port jlewis (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Jack Bates (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- <Possible follow-ups>
- RE: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 24)