ISP port blocking practice

Owen DeLong owen at delong.com
Fri Sep 3 12:18:38 UTC 2010


It may be a recommended practice from MAAWG, but it's still damage to the network which is often routed around. It's a minor inconvenience to spammers and a slightly bigger problem for legitimate
users. I don't see the win here. Just because they recommend it doesn't make it a good recommendation.
MAAWG appears to have a single priority... Reducing spam by whatever means possible, regardless
of cost or efficacy.  Some of their recommendations (most, even) are good and useful. Some are
easy to implement, ineffective, and ill-conceived. Outbound blocking of port 25 from people attempting
to reach their home MTA/MSA with TLS and SMTP-AUTH just because they don't have a static address
is an example of easy to implement, ineffective, and ill-conceived.

Owen

On Sep 2, 2010, at 8:56 PM, Franck Martin wrote:

> Blocking outbound port 25 in certain conditions (mainly anything with a dynamic IPv4) is a recommended practice from MAAWG.org and others; they have a few useful documents for ISPs to deal with their network.
> 
> ----- Original Message -----
> From: "Owen DeLong" <owen at delong.com>
> To: "Zhiyun Qian" <zhiyunq at umich.edu>
> Cc: "NANOG list" <nanog at nanog.org>
> Sent: Friday, 3 September, 2010 3:48:20 PM
> Subject: Re: ISP port blocking practice
> 
> We should be seeking to stop damaging the network for ineffective anti-spam measures (blocking outbound 25 for example) rather than to expand this practice to bidirectional brokenness.
> 
> Owen
> 
> Sent from my iPad
> 
> On Sep 3, 2010, at 12:25 PM, Zhiyun Qian <zhiyunq at umich.edu> wrote:
> 
>> I skimmed through these specs. They are useful but seem to be related specifically to IP spoofing prevention. I see that IP spoofing is part of the asymmetric routing story. But I was more thinking that, given that IP spoofing is not widely adopted, the other defense that they can perhaps more easily implement is to block incoming traffic with source port 25 (if they already decided to block outgoing traffic with destination port 25). But according to our study, most of the ISPs didn't do that at the time of study (probably still true today).
>> 
>> -Zhiyun
>> On Sep 2, 2010, at 9:20 PM, Suresh Ramasubramanian wrote:
>> 
>>> BCP38 / RFC2827 were created specifically to address some quite
>>> similar problems.  And googling either of those two strings on nanog
>>> will get you a lot of griping and/or reasons as to why these aren't
>>> being more widely adopted :)
>>> 
>>> --srs
>>> 
>>> On Fri, Sep 3, 2010 at 7:47 AM, Zhiyun Qian <zhiyunq at umich.edu> wrote:
>>>> Suresh, thanks for your interest. I see you've had a lot of experience in fighting spam, so you must have known this. Yes, I know this spamming technique has been around for a while. But it's surprising to see that the majority of the ISPs that we studied are still vulnerable to this attack.  That probably indicates that it is not as widely known as we would expect. So I thought it would be beneficial to raise the awareness of the problem.
>>>> 
>>>> In terms of more results, the paper is the most detailed document we have. Otherwise, if you are interested in the data that we collected (which ISPs or IP ranges are vulnerable to this attack), we can chat offline.
>>>> 
>>>> Regards.
>>>> -Zhiyun
>>> 
>>> 
>> 
> 




