Re: ISPs are asked to block yet another port

[jlewis () lewis org]

On 23 Jun 2003, Paul Vixie wrote:

> 3) thoughtless reactionism at isp's does little good and sometimes some harm.
>
> take for example port-25 blocking.  i've been getting relayprobed all
> weekend by someone who gets around outbound at&t's tcp/25 SYN blocking
> by sending their SYN's through a provider who shall remain nameless
... 
> so if you're going to block tcp/25 SYNs on outbound, please make sure
> you block SYN/ACK's on input too, or else you just give the spammers a
> little more work to do instead of a lot more work to do.

We used to provide dial-up ports to a large cut-rate dial provider who I'm
not going to name.  Their reaction to such games was to send in their
radius auth packets data filters to block both outgoing to port 25 and
incoming from port 25.

There's nothing silly about restricting use of tcp/25 for dial-ups and 
other dynamics...you just have to do it right to be 100% effective.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________