nanog mailing list archives

Re: ingress SMTP


From: matthew () sorbs net
Date: Thu, 04 Sep 2008 08:53:15 +1000


Justin Scott said:

Your comment about "exceptions for customers that prove they know how to
lock down" is not based in reality, frankly.  Have you ever tried to
have Joe Sixpack call BigISP support to ask for an exception to a port
block on his consumer-class connection with a dynamic IP?  That's a wall
that I would not be willing to ask my customers to climb over.

iiNet, a reasonably sized Aussie ISP, has a web page (specifically part of
the 'My Account' page) where you can, with a simple check box, choose to
have commonly abused ports blocked *for outgoing connections* or not.

Last time I looked the ports blocked were:

Port 25
Port 137
Port 138
Port 139
Port 445

How the back end works I don't know, but it is pretty seamless to the
user, as I opted out of the block as soon as I connected.  Their tech
support is reasonably unintelligent at level 1, but even they were able
to understand my problem and explain where the checkbox was so that
within 35 seconds of taking the call my servers were open to the
Internet in both directions.

Regards,

Matthew

