nanog mailing list archives

Re: Outgoing SMTP Servers


From: Owen DeLong <owen () delong com>
Date: Wed, 26 Oct 2011 07:24:23 -0600

> In a perfect world we would all have as many static globally routed IP
> addresses as we want with nothing filtered, in the real world a
> residential ISP who gives their customers globally routable IPv4
> addresses for each computer (ie. a CPE that supports multiple
> computers without NAT) with no filtering at all is probably going to
> have to hire more support staff to deal with it, even before people
> from this list start null routing their IP space for being a rogue ISP
> that clearly doesn't give a damn etc :)

Agreed that we should get to the point where everyone can have thousands of static globally routed subsets as soon as 
possible. The technology already exists and I use it wherever it is available. I have 65,536 static globally routed 
subsets available in my network, though I do not currently use that many. The reason we don't all have that yet is 
merely delay and inaction by those who have not yet implemented current IP technologies.

> Perhaps our next try with IPv6 can be a perfect world where hosts are
> secure enough for open end to end connectivity and infected machines
> are rarely a problem? IPv6 enabled systems are more secure than a lot
> of the systems we have floating around on IPv4 networks, but I still
> think we're going to end up with port blocking becoming reasonably
> common on IPv6 as well once that starts getting widely deployed to
> residential users.


Firewalls are perfectly valid and I have no general objection to filtering packets based on the policy set by a site. 
What I object to is having someone I pay to move my packets tell me that they won't move some of those packets because 
they feel it is some form of best practice to eliminate my perfectly valid packets in order to prevent someone else 
from committing some form of abuse on the same protocol.

I object even more strenuously to someone who redirects my packets for their intended destination to some man in the 
middle attack destination of their choosing.

Redirecting someone's SMTP is a man in the middle attack. It is every bit as evil as any other form of network abuse or 
hijacking.

Owen
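The post above objects to an access provider silently redirecting outbound port 25 to a relay of its own choosing. A subscriber can detect that from their side: connect to the relay they actually configured, read the SMTP greeting, and confirm through STARTTLS that the certificate carries that relay's name. The script below is an added example written for this archive page, not code from the thread or from any of its participants. `EXPECTED_HOST` is a hypothetical relay name, the classification labels ("ok", "blocked", "redirected", "unverified", "rejected", "tls_untrusted") are my own, and the sample banners are constructed; only the `probe()` function touches the network.

```python
import re
import smtplib
import ssl
from typing import Optional

# Hypothetical: replace with the relay you actually pay to reach.
EXPECTED_HOST = "smtp.example.net"

# SMTP greeting: "220 hostname ..." (or "220-hostname ..." for multi-line replies).
BANNER_RE = re.compile(r"^(?P<code>\d{3})[ -](?P<host>[A-Za-z0-9.\-]+)")


def parse_banner(banner: str):
    """Return (reply code, host token) from an SMTP greeting, or (None, None)."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None, None
    return int(m.group("code")), m.group("host").lower()


def host_matches(expected: str, name: str) -> bool:
    """Exact or single-label wildcard (*.example.net) match, case-insensitive."""
    expected, name = expected.lower(), name.lower()
    if name.startswith("*.") and "." in expected:
        return expected.split(".", 1)[1] == name[2:]
    return expected == name


def classify(expected: str, banner: Optional[str], cert_names: Optional[list]) -> str:
    """Decide whether a port-25 session reached the intended relay.

    banner:     the greeting line received, or None if the connect failed/timed out
    cert_names: DNS names from the STARTTLS certificate, or None if STARTTLS was not offered
    """
    if banner is None:
        return "blocked"          # nothing answered: port filtered or relay down
    code, host = parse_banner(banner)
    if code != 220:
        return "rejected"         # something answered, but refused service
    if cert_names:
        if any(host_matches(expected, n) for n in cert_names):
            return "ok"           # TLS identity matches the relay we asked for
        return "redirected"       # TLS answered with somebody else's identity
    if host is not None and host_matches(expected, host):
        return "unverified"       # banner looks right, but no TLS identity to confirm it
    return "redirected"           # banner names a different host entirely


def probe(expected: str = EXPECTED_HOST, port: int = 25, timeout: float = 10.0) -> str:
    """Live check: connect, read the greeting, STARTTLS, compare the certificate names."""
    smtp = smtplib.SMTP(timeout=timeout)
    try:
        code, greeting = smtp.connect(expected, port)
    except (OSError, smtplib.SMTPException):
        return classify(expected, None, None)
    banner = f"{code} {greeting.decode(errors='replace')}"
    cert_names = None
    try:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            ctx = ssl.create_default_context()
            ctx.check_hostname = False   # chain is still verified; we do the name check ourselves
            smtp.starttls(context=ctx)
            cert = smtp.sock.getpeercert()
            cert_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    except ssl.SSLError:
        return "tls_untrusted"           # chain did not validate: treat as interception until proven otherwise
    except (OSError, smtplib.SMTPException):
        pass
    finally:
        try:
            smtp.quit()
        except Exception:
            pass
    return classify(expected, banner, cert_names)


# Constructed sample greetings, used for offline demonstration only.
SAMPLE_GOOD = "220 smtp.example.net ESMTP ready"
SAMPLE_OTHER = "220 relay.isp-filter.example ESMTP ready"

if __name__ == "__main__":
    print("offline:", classify(EXPECTED_HOST, SAMPLE_GOOD, ["smtp.example.net"]))
    print("offline:", classify(EXPECTED_HOST, SAMPLE_OTHER, None))
    print("live:", probe())
```

Run `probe()` from the residential connection in question and again from a network you trust; a result of "redirected" or "tls_untrusted" on the former only is the signature of transparent port-25 interception, while "blocked" on both ports 25 and 587 points to plain filtering rather than redirection. The banner alone is weak evidence (an interposed relay can copy it), which is why the function only reports "ok" when the TLS certificate names the relay you asked for.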

