Port 25 filters - how many here deploy them bidirectionally?

Patrick W Gilmore patrick at ianai.net
Sun Jan 9 18:45:13 UTC 2005


On Jan 9, 2005, at 12:20 PM, John Levine wrote:

>> Please consider the situation of net abuse with the source address
>> being an infected PCs on a dialup pool that has port 25 filtering
>> enabled.
>> [ triangular routing ]
>
> Back when Ernesto Haberli was active, this was his trademark
> technique.  He'd burn through large numbers of dialup accounts, but
> hide the address of his high-speed connection.
>
> At the time he left the business a few years ago it worked pretty well
> and I gather he left because he'd run out of high speed ISPs to sign
> up with.  I'd be interested to know if triangular routing is used by
> particular people now, or is it just another trick thrown into the mix
> along with zombie proxies and such.

Imagine all those "high speed ISPs" who would never have been burned if 
they just followed BCPs and source filtered their customer base.  
Especially since broadband ISPs should be able to source filter easier 
than anyone, having fewer "issues" like multi-homed customers.  
(Ignoring the discuss of whether that is really an issue or not.)

But hey, who wants to actually make the network work better these days 
anyway?

-- 
TTFN,
patrick




More information about the NANOG mailing list