On Thu, Sep 02, 2010 at 04:59:57PM -0500, Zhiyun Qian wrote:
> One of the high-level findings is that we developed probing techniques to verify that indeed most ISPs are only blocking 1) "outgoing traffic of destination port 25" instead of 2) "incoming traffic with source port 25", which means that these ISPs are vulnerable to the asymmetric routing attack.

Folks interested in port blocking may also find useful another academic work we did a few years ago that sought to broadly characterize the prevalence of port blocking, albeit under the guise of neutrality:

http://rbeverly.net/research/papers/truck-pam07.html

While we found that email ports (e.g. 25, 110, 143) were more than twice as likely to be blocked as a control port, other ports such as 136 were more widely blocked (136 is an innocuous profile port, but often suffers collateral damage because it lies between the Microsoft and NetBIOS 135-139 ports).

Also, the asymmetric spam problem is covered in some detail in our 2009 IMC spoofer paper:

http://rbeverly.net/research/papers/spoofer-imc09.html

rob
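
Added example, not part of the original message or the cited papers: a small first-match ACL audit that checks whether a port 25 policy covers both directions named in the quoted finding. The rule model, the default-permit behaviour, the sample ACLs and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SMTP = 25
EPHEMERAL = 40000  # constructed client-side port for the probe packets

@dataclass(frozen=True)
class Rule:                      # hypothetical rule model, not a vendor syntax
    action: str                  # "deny" or "permit"
    direction: str               # "out" = leaving customer network, "in" = entering it
    src_port: Optional[int] = None   # None matches any port
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Packet:
    direction: str
    src_port: int
    dst_port: int

def evaluate(acl, pkt):
    """First matching rule wins; unmatched traffic is permitted (assumed default)."""
    for r in acl:
        if r.direction != pkt.direction:
            continue
        if r.src_port is not None and r.src_port != pkt.src_port:
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        return r.action
    return "permit"

def audit_port25(acl):
    """Report which of the two directions from the quoted finding the ACL denies."""
    probes = {
        "outbound_dst_25": Packet("out", EPHEMERAL, SMTP),
        "inbound_src_25": Packet("in", SMTP, EPHEMERAL),
    }
    report = {name: evaluate(acl, p) == "deny" for name, p in probes.items()}
    report["both_directions_blocked"] = all(report.values())
    return report

# Constructed sample policies.
OUTBOUND_ONLY = [Rule("deny", "out", dst_port=SMTP)]
BOTH = [Rule("deny", "out", dst_port=SMTP), Rule("deny", "in", src_port=SMTP)]
# A broad inbound permit placed first shadows the later inbound deny.
SHADOWED = [Rule("permit", "in"), Rule("deny", "in", src_port=SMTP),
            Rule("deny", "out", dst_port=SMTP)]

if __name__ == "__main__":
    for name, acl in [("OUTBOUND_ONLY", OUTBOUND_ONLY), ("BOTH", BOTH), ("SHADOWED", SHADOWED)]:
        print(name, audit_port25(acl))
```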