Re: ISP port blocking practice

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: ISP port blocking practice

From: Justin Shore
Date: Thu Oct 22 19:29:44 2009

List-archive: <http://mailman.nanog.org/mailman/nanog>
List-help: <mailto:nanog-request@nanog.org?subject=help>
List-id: North American Network Operators Group <nanog.nanog.org>
List-post: <mailto:nanog@nanog.org>
List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=subscribe>
List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=unsubscribe>

Zhiyun Qian wrote:

1). For any outgoing traffic, if the destination port is 25, then drop the packets.
2). For any incoming traffic, if the source port is 25, then drop the packets.

It's been pointed that I glossed over the wording of #2, specifically missing the "source port" part of it, thus giving the right answer to the wrong question. :-)

To answer your question, all our tcp/25 filters are based on destination port. I could use source port but really I'm more concerned with my customers not running SMTP servers in one direction and them not being able to send spam in the other. Using source port needlessly complicates those goals IMHO. Someone might have a specific reason to use it but I don't in my case at least.

Justin

References:
- ISP port blocking practice Zhiyun Qian

Prev by Date: Re: IPv6 Deployment for the LAN
Next by Date: Re: {SPAM?} Re: IPv6 Deployment for the LAN
Date Index
Thread Index
Author Index
Historical