nanog mailing list archives
Re: Customer-facing ACLs
From: Mark Foster <blakjak () blakjak net>
Date: Sat, 8 Mar 2008 17:02:18 +1300 (NZDT)
Blocking port 25 outbound for dynamic users until they specifically request it be unblocked seems to me to meet the "no undue burden" test; so would port 22 and 23. Beyond that, I'd probably be hesitant until I either started getting a significant number of abuse reports about a certain flavor of traffic that I had reason to believe was used by only a tiny minority of my own users.
Sorry, I must've missed something. Port 25 outbound (excepting ISP SMTP server) seems entirely logical to me. Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of a concern? I can only assume it's to stop clients' exploited boxen being used to anonymise further telnet/ssh attempts - but have to admit this discussion is the first I've heard of it being done 'en masse'.
It'd frustrate me if I jacked into a friend's Internet in order to do some legitimate SSH-based server administration, I imagine...
Is this not 'reaching' or is there a genuine benefit in blocking these ports as well?
Mark.