nanog mailing list archives
Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)
From: Joseph S D Yao <jsdy () center osis gov>
Date: Tue, 13 Sep 2005 23:39:55 -0400
On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
On Wed, 14 Sep 2005, Roy Badami wrote:william(at)elan> Could you elaborate on how firewall will william(at)elan> determine if the connection is from mail server william(at)elan> or from telnet on port 25? Perhaps because most telnet clients will attempt telnet option negotiation? If so one could avoid this by using a client such as netcat...Telnet option negotiation is at Layer 7 after TCP connection has been established. Firewalls typically don't operate at this level (TCP session is Layer 4 if I remember right) and would refuse or reject (difference type of ICMP response) based solely on attempt to connect to certain ip or certain TCP/UDP port.
You're talking about the packet filters that marketeers sell as "firewalls". The best firewalls operate at the application layer. And, yes, that's an OPINION, no need to rave. -- Joe Yao ----------------------------------------------------------------------- This message is not an official statement of OSIS Center policies.
Current thread:
- mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?), (continued)
- mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Roy Badami (Sep 13)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) william(at)elan.net (Sep 13)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Adam McKenna (Sep 13)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Crist Clark (Sep 13)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Steven M. Bellovin (Sep 13)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Dave Crocker (Sep 13)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Joseph S D Yao (Sep 14)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Robert E . Seastrom (Sep 14)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Joseph S D Yao (Sep 15)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Steven M. Bellovin (Sep 14)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Joseph S D Yao (Sep 13)
- Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?) Tony Finch (Sep 14)
- Re: Computer systems blamed for feeble hurricane response? Christian Kuhtz (Sep 13)
- Re: Computer systems blamed for feeble hurricane response? william(at)elan.net (Sep 13)
- Re: Computer systems blamed for feeble hurricane response? Valdis . Kletnieks (Sep 13)
- Re: Computer systems blamed for feeble hurricane response? Christian Kuhtz (Sep 13)
- Re: Computer systems blamed for feeble hurricane response? Randy Bush (Sep 13)
- Re: Computer systems blamed for feeble hurricane response? Michael . Dillon (Sep 14)