nanog mailing list archives
Re: BLS FastAccess internal tech needed
From: Todd Vierling <tv () duh org>
Date: Fri, 13 Jan 2006 00:19:14 -0500 (Eastern Standard Time)
On Fri, 13 Jan 2006, Suresh Ramasubramanian wrote:
(Your new SMTP port filters put in today in the Atlanta market are a step in the right direction, but they are configured incorrectly: They block outbound connections to port 25, which is good -- but they are also blocking *inbound* connections to a local SMTP receiver, which protects nothing and simply annoys those of us who have a clue.)What they're *trying* to do is actually quite sensible, and beats spammers trying to do asymmetric routing / source address spoofing type stuff I guess what they actually should do is filtering inbound connections FROM port 25 to any port.
That's why I said that it is misconfigured. The inbound packet filter has the wrong matching criterion. -- -- Todd Vierling <tv () duh org> <tv () pobox com> <todd () vierling name>
Current thread:
- BLS FastAccess internal tech needed Todd Vierling (Jan 12)
- Re: BLS FastAccess internal tech needed Suresh Ramasubramanian (Jan 12)
- Re: BLS FastAccess internal tech needed Todd Vierling (Jan 12)
- <Possible follow-ups>
- Re: BLS FastAccess internal tech needed Fergie (Jan 12)
- Re: BLS FastAccess internal tech needed Christopher L. Morrow (Jan 12)
- Re: BLS FastAccess internal tech needed Steven M. Bellovin (Jan 12)
- State of Spoofing [was: Re: BLS FastAccess internal tech needed] Robert Beverly (Jan 24)
- Re: BLS FastAccess internal tech needed Fergie (Jan 12)
- Re: BLS FastAccess internal tech needed Suresh Ramasubramanian (Jan 12)