Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)

  • From: Joseph S D Yao
  • Date: Tue Sep 13 23:41:13 2005

On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
> On Wed, 14 Sep 2005, Roy Badami wrote:
> 
> >   william(at)elan> Could you elaborate on how firewall will
> >   william(at)elan> determine if the connection is from mail server
> >   william(at)elan> or from telnet on port 25?
> >
> >Perhaps because most telnet clients will attempt telnet option
> >negotiation?  If so one could avoid this by using a client such as
> >netcat...
> 
> Telnet option negotiation is at Layer 7 after TCP connection has been
> established. Firewalls typically don't operate at this level (TCP session
> is Layer 4 if I remember right) and would refuse or reject (difference
> type of ICMP response) based solely on attempt to connect to certain
> ip or certain TCP/UDP port.


You're talking about the packet filters that marketeers sell as
"firewalls".  The best firewalls operate at the application layer.  And,
yes, that's an OPINION, no need to rave.


-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.