ISP port blocking practice

Robert Beverly rbeverly at rbeverly.net
Thu Sep 9 20:45:06 UTC 2010


On Thu, Sep 02, 2010 at 04:59:57PM -0500, Zhiyun Qian wrote:
> One of the high-level findings is that we developed probing techniques
> to verify that indeed most ISPs are only blocking 1) "outgoing traffic
> of destination port 25" instead of 2) "incoming traffic with source
> port 25", which means that these ISPs are vulnerable to the asymmetric
> routing attack.

Folks interested in port blocking may also find useful another
academic work we did a few years ago that sought to broadly
characterize the prevalence of port blocking, albeit under the guise
of neutrality:
  http://rbeverly.net/research/papers/truck-pam07.html

While we found that email ports (e.g. 25, 110, 143) were more than
twice as likely to be blocked as a control port, other ports such as
136 were more widely blocked (136 is an innocuous profile port, but
often suffers collateral damage because it lies between the Microsoft
and NetBIOS 135-139 ports).

Also, the asymmetric spam problem is covered in some detail in our
2009 IMC spoofer paper:
  http://rbeverly.net/research/papers/spoofer-imc09.html

rob



