Despamming wholesale dialup

Greg A. Woods woods at most.weird.com
Thu Oct 29 16:43:54 UTC 1998


[ On Wed, October 28, 1998 at 23:40:34 (-0800), Roeland M.J. Meyer wrote: ]
> Subject: Re: Despamming wholesale dialup
>
> I disagree, but the mechanism for implementing this involves making the
> customer buy an SSH client. They connect with a VPN tunnel and the problem
> goes away, as long as port 22 is available. The problem is that many
> firewall admins think port 22 is a security hole (back-door). After all,
> when the port is named "security" that means you're supposed to block it,
> right? The point is that often ports 25, 80, and 110 are the only
> legitimate means of access. We've even had to run SSL on port 80 for some
> customers because their local firewall only allowed port 80.

That's an even better way virtual ISPs can provide access to "virtual"
services.  (It's better for both the client and the vISP because it
means no data in the raw across joe-who's dial-up networks and the rest
of the internet.)

The issues surrounding this scheme that come from brain-dead firewall
administrators who don't really understand what's going on, or from
brain-dead users who are ignoring their company security policy and
trying to access virtual ISPs from within their company network, are of
course very real, but they're not show-stoppers as you've proven.

> You whole scheme fails because of over-loaded middle-man charges. Too many
> pint-sized bills from too many sources. The accounting alone would be a
> nightmare. 

Actually, no, it doesn't, at least in the case of the one such dial-up
brokerage service I mentioned.  They do all the accounting for you.  It
even integrates directly into your own dial-up accounting if you happen
to have dial-up ports too.  I don't think they currently return the SMTP
server's IP to the dial-up providor, but the dial-up provider can
probably be reasonably sure that such a user isn't likely to spam.  Of
course if this method of doing business for bulk dial-up becomes
predominant and bulk ISPs begin to block port 25 as described above then
it will be necessary for the broker to facilitate transmittal of
information necessary for more secure dial-up port filters.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>      <robohack!woods>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>



More information about the NANOG mailing list