mailing list archives
Re: Port blocking last resort in fight against virus
From: Joe Provo <nanog-post () rsuc gweep net>
Date: Thu, 14 Aug 2003 16:24:55 -0400
On Tue, Aug 12, 2003 at 12:11:48PM -0500, John Palmer wrote:
Yes, some providers however react improperly to certain situations
and do not listen to their paying customers.
RCN in Chicago is one example. One day, they just started blocking
outbound port 25 on their network. Now, I use other SMTP servers
other than the RCN one. In my case, they're my servers and all I
have to do is set up my SMTP to listen on an additional port. For
others, they aren't so lucky and may have a legitimate gripe with
them for censoring traffic.
If I recall correctly, that was a reaction to abuse, which was
done network wide for the basic class of residential customers.
Enforcement of a 'no servers' clause for HTTP is also common
among broadband providers.
But to get back on topic...
In the case of 135-139, no one who uses these ports legitimatly
should have a need to use them "in the wild" unless in a tunnel.
Yup. Back in the day good old windows 3.1 had access control
problems and tried to share information in classful broadcast
boundaries. Blocking these netb* ports was effective across-
the-board protection and anyone who called with an issue got
educated and fixed. This is all about the edges, and frankly
even with all messages regarding "The Backbone", I can't think
about any "backbone" who isn't an edge. Everyone should police
their edges for their own customers' sake, and be willing to
help customers' policing efforts when asked.
Seems there's an undercurrent of willfull ignorance that
perpetuates all sorts of abuse. Once upon a time we studied
for what purpose our networks were used, and were able to
optimize for the traffic that was in demand, making customers
happy. There just happened to be a side effect of squashing
badness that was purposeful along with that which was just
'brokeness'. Perhaps if we were all paying more attention
to what purposes the networks were being used, even if it is
because of brokeness this time, we'd wind up optimizing and
making customers happy?
I'm all for the invisible system administrator and the
transparent network, but there is a business case for visible
differentiation, giving the customers a reason to stay. It
is nice when that differentiation isn't based on marketing
glossies and run-from-chapter-11 fire sale pricing but the
actual (technical) product.
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
RE: Port blocking last resort in fight against virus Matthew Kaufman (Aug 13)
RE: Port blocking last resort in fight against virus Mark Segal (Aug 12)
RE: Port blocking last resort in fight against virus McBurnett, Jim (Aug 13)
RE: Port blocking last resort in fight against virus Temkin, David (Aug 13)
Re: Port blocking last resort in fight against virus Steven M. Bellovin (Aug 13)
Re: Port blocking last resort in fight against virus Joe Provo (Aug 14)
- RE: Port blocking last resort in fight against virus, (continued)