Re: Port blocking last resort in fight against virus
From: Joe Provo <nanog-post () rsuc gweep net>
Date: Thu, 14 Aug 2003 16:24:55 -0400

On Tue, Aug 12, 2003 at 12:11:48PM -0500, John Palmer wrote:
> Yes, some providers however react improperly to certain situations 
> and do not listen to their paying customers.
> 
> RCN in Chicago is one example. One day, they just started blocking 
> outbound port 25 on their network. Now, I use other SMTP servers
> other than the RCN one. In my case, they're my servers and all I 
> have to do is set up my SMTP to listen on an additional port. For 
> others, they aren't so lucky and may have a legitimate gripe with 
> them for censoring traffic. 

If I recall correctly, that was a reaction to abuse, which was
done network wide for the basic class of residential customers. 
Enforcement of a 'no servers' clause for HTTP is also common 
among broadband providers.  

But to get back on topic...

> In the case of 135-139, no one who uses these ports legitimately 
> should have a need to use them "in the wild" unless in a tunnel. 

Yup. Back in the day good old windows 3.1 had access control 
problems and tried to share information in classful broadcast 
boundaries. Blocking these netb* ports was effective across-the-board 
protection and anyone who called with an issue got 
educated and fixed.  This is all about the edges, and frankly 
even with all messages regarding "The Backbone", I can't think 
about any "backbone" who isn't an edge.  Everyone should police 
their edges for their own customers' sake, and be willing to 
help customers' policing efforts when asked. 

Seems there's an undercurrent of willful ignorance that 
perpetuates all sorts of abuse.  Once upon a time we studied 
for what purpose our networks were used, and were able to 
optimize for the traffic that was in demand, making customers 
happy. There just happened to be a side effect of squashing
badness that was purposeful along with that which was just
'brokenness'. Perhaps if we were all paying more attention 
to what purposes the networks were being used, even if it is 
because of brokenness this time, we'd wind up optimizing and
making customers happy?

I'm all for the invisible system administrator and the 
transparent network, but there is a business case for visible
differentiation, giving the customers a reason to stay. It
is nice when that differentiation isn't based on marketing
glossies and run-from-chapter-11 fire sale pricing but the 
actual (technical) product.



             RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
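As an added illustration of the residential-edge policy discussed in this thread (not code from the thread or from any provider named in it), the following evaluates constructed flow records against a filter that drops NetBIOS 135-139 in both directions and outbound TCP/25 except to the provider's own relay, then tallies what the filter would stop. The relay address, the record format and the sample flows are assumptions.

```python
# Added example (not from the NANOG thread): evaluate a residential-edge
# port filter of the kind discussed above against constructed flow records,
# and tally what the filter would have stopped. Sample data is made up.
from collections import Counter
from dataclasses import dataclass

NETBIOS_PORTS = range(135, 140)          # 135-139, TCP and UDP
PROVIDER_SMTP_RELAY = "10.0.0.25"        # assumed address of the ISP's own relay

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    direction: str  # "in" or "out", relative to the residential edge

def edge_verdict(flow: Flow) -> str:
    """Return 'block' or 'permit' under an edge policy that drops NetBIOS
    in both directions and outbound port 25 except to the provider relay."""
    if flow.dport in NETBIOS_PORTS and flow.proto in ("tcp", "udp"):
        return "block"
    if (flow.direction == "out" and flow.proto == "tcp" and flow.dport == 25
            and flow.dst != PROVIDER_SMTP_RELAY):
        return "block"
    return "permit"

def summarize(flows):
    """Count verdicts per protocol/port so an operator can see what the
    filter actually stops (the 'study what the network is used for' point)."""
    tally = Counter()
    for f in flows:
        tally[(edge_verdict(f), f.proto, f.dport)] += 1
    return tally

SAMPLE_FLOWS = [  # constructed records, not real traffic
    Flow("192.0.2.10", "198.51.100.5", "tcp", 139, "out"),
    Flow("203.0.113.7", "192.0.2.10", "udp", 137, "in"),
    Flow("192.0.2.10", "198.51.100.9", "tcp", 25, "out"),
    Flow("192.0.2.10", PROVIDER_SMTP_RELAY, "tcp", 25, "out"),
    Flow("192.0.2.10", "198.51.100.9", "tcp", 2525, "out"),  # SMTP on an alternate port
    Flow("192.0.2.10", "198.51.100.80", "tcp", 80, "out"),
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_FLOWS).items()):
        print(key, n)
```

The alternate-port SMTP flow is permitted, which is exactly the workaround the quoted poster describes.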
