nanog mailing list archives
RE: ISP port blocking practice
From: "Brian Johnson" <bjohnson () drtel com>
Date: Sun, 12 Sep 2010 21:34:28 -0500
-----Original Message-----
From: Owen DeLong [mailto:owen () delong com]
Sent: Friday, September 03, 2010 1:10 PM
To: John Levine
Cc: nanog () nanog org
Subject: Re: ISP port blocking practice

> Sent from my iPad

COOL!

> On Sep 3, 2010, at 10:10 PM, John Levine <johnl () iecc com> wrote:
>
>>> Really? So, since so many ISPs are blocking port 25, there's lots less spam hitting our networks?
>>
>> It's been extremely effective in blocking spam sent by spambots on large ISPs. It's not a magic anti-spam bullet. (If you know one, please let us know.)
>
> That simply hasn't been my experience. I still get lots of spam from booted hosts in large provider networks, and yes, that includes many that block 25. As near as I can tell, 25 blocking is not affecting spammers at all, just legitimate users. There was a time when it was effective, but the spammers have long since adapted. Now we are only breaking the Internet. We are no longer accomplishing anything useful. It's pure momentum.

So.... How are you getting messages from a user who is sending a message from a network with port 25 blocked? If there is some kind of alternate port usage, or tunneling going on, then there would have been no way to stop it with a filter without doing even more filtering. This additional filtering would likely increase the number of blocked port numbers. This would start breaking other valid protocols. Since you have no suggestions on how to actually handle this issue, I would suggest that you stop criticizing the ones trying to solve the problem for the excessive majority (likely < 99.999%) of users. It is OK to represent the needs of a minority, but the average user doesn't even notice these types of filters and it prevents (largely) ISPs from spending time removing customer IP addresses from RBLs and other filtering mechanisms.

>>> workaround. Since, like many of us, I use a lot of transient networks, having to reconfigure for each unique set of brokenness is actually wasting more of my time than the spam this brokenness was alleged to prevent.
>>
>> Is there some reason you aren't able to configure your computers to use tunnels or SUBMIT? They seem to work pretty well for other people.
>
> Many of the transient networks I deal with block 22, 25, 465, and 587. They also often block protocols 41 and 43 or do not provide a public address, rendering those protocols unusable anyway. Yes, I am now running ssh and smtp processes on ports 80 and 443 to get around this, but, that consumes an extra address for something that should be handled by a port number.

I'm sorry that you have/had to deal with a provider doing this. I would call it bad form to block ports used for completely valid reasons (not abused services) and would stand by you on those issues.

> Personally, I'd rather use port numbers for l4 uniqueness rather than IP Addresses.

With you here brother. :)

> Owen

BTW... In a previous post you mentioned "Net Neutrality". Port 25 blocking has NOTHING to do with "Net Neutrality" as long as you block port 25 in a non-partisan manner. If I block port 25 to provider X and not to provider Y for any reason other than abuse/security/network stability specific reasons (meaning to be financially or ethically unreasonable), then it may be considered not being "neutral" in the terms of "Net Neutrality". I would NEVER do such a thing.

- Brian