nanog mailing list archives
Port 25 filters - how many here deploy them bidirectionally?
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Sun, 9 Jan 2005 19:55:17 +0530
.. and if it has been tried, have you noticed any issues with this?

Please consider the situation of net abuse with the source address being an infected PC on a dialup pool that has port 25 filtering enabled. This sequence below is summarized from a post by an ISP admin on another list that I read.

1) SYN - Worm emails / spam goes out from another provider, with the source address spoofed to be the IP of a trojaned PC

2) ACK - Receiving network sends an ACK back to the forged source IP, and the trojan on that IP proxies this back to the actual spam source.

3) SYNACK - sent by the actual spam source to your network.

Applying port 25 filters both ways (inbound and outbound to your dialup pool, instead of just outbound port 25 filtering) would help in such a situation.

So, a quick poll .. how many ISPs here have noticed this behavior, and applied bidirectional filters? And if they've applied port 25 filters bidirectionally, have they noticed any problems with this setup?

This ISP's post is only the second I've seen noting such behavior in a few months, the first being a nanog post in Aug 2004 by Hank Nussbacher - http://www.cctec.com/maillists/nanog/current/msg03171.html

Two posts about this in several months - but still, enough of a trend for me to wonder how widespread this behavior is.

--srs

--
Suresh Ramasubramanian (ops.lists () gmail com)
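Added example, not part of the original post: a small Python model of a filter at the dialup pool edge, comparing outbound-only with bidirectional port 25 filtering, plus a count of pool hosts that receive traffic sourced from a remote port 25. The pool prefix, the exception for the ISP's own relay, and the packet records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (all constructed for illustration): the dialup pool prefix, the
# ISP's own relay address, and the simplified packet records below.
POOL = ipaddress.ip_network("192.0.2.0/24")
ISP_RELAY = ipaddress.ip_address("198.51.100.25")

def verdict(pkt, bidirectional):
    """Return 'drop' or 'pass' for one TCP packet crossing the pool edge."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    # Outbound rule: pool hosts may reach port 25 only on the ISP relay.
    if src in POOL and pkt["dport"] == 25 and dst != ISP_RELAY:
        return "drop"
    # Inbound rule (the bidirectional half): packets coming from a remote
    # port 25 toward the pool are replies to SMTP the pool never initiated.
    if bidirectional and dst in POOL and pkt["sport"] == 25 and src != ISP_RELAY:
        return "drop"
    return "pass"

def unsolicited_smtp_replies(packets):
    """Count inbound port-25-sourced packets per pool host (a detection aid)."""
    hits = Counter()
    for p in packets:
        if (ipaddress.ip_address(p["dst"]) in POOL and p["sport"] == 25
                and ipaddress.ip_address(p["src"]) != ISP_RELAY):
            hits[p["dst"]] += 1
    return dict(hits)

# Constructed sample traffic seen at the pool edge.
PACKETS = [
    # Reply from a remote mail server to the forged source (a pool host).
    {"src": "203.0.113.10", "sport": 25, "dst": "192.0.2.77", "dport": 40001},
    {"src": "203.0.113.10", "sport": 25, "dst": "192.0.2.77", "dport": 40001},
    # Pool host talking to the ISP relay: allowed under both policies.
    {"src": "192.0.2.12", "sport": 51000, "dst": "198.51.100.25", "dport": 25},
    {"src": "198.51.100.25", "sport": 25, "dst": "192.0.2.12", "dport": 51000},
    # Direct outbound SMTP from the pool: dropped under both policies.
    {"src": "192.0.2.33", "sport": 52000, "dst": "203.0.113.99", "dport": 25},
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p["src"], "->", p["dst"], verdict(p, False), verdict(p, True))
    print(unsolicited_smtp_replies(PACKETS))
```

With outbound-only filtering the remote server's reply still reaches the pool host; the per-host count is a way to see how often that happens before turning on the inbound rule.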