Re: ingress SMTP
Justin Scott said:
Your comment about "exceptions for customers that prove they know how to lock down" is not based in reality, frankly. Have you ever tried to have Joe Sixpack call BigISP support to ask for an exception to a port block on his consumer-class connection with a dynamic IP? That's a wall that I would not be willing to ask my customers to climb over.
iiNet, a reasonably sized Aussie ISP, has a web page (specifically part of the 'My Account' page) where you can, with a simple check box, choose to have commonly abused ports blocked *for outgoing connections* or not. Last time I looked the ports blocked were:

Port 25
Port 137
Port 138
Port 139
Port 445

How the back end works I don't know, but it is pretty seamless to the user, as I opted out of the block as soon as I connected. Their tech support is reasonably unintelligent at level 1, but even they were able to understand my problem and explain where the checkbox was so that within 35 seconds of taking the call my servers were open to the Internet in both directions.

Regards,
Matthew
iiNet, a reasonably sized Aussie ISP, has a web page (specifically part of the 'My Account' page) where you can, with a simple check box, choose to have commonly abused ports blocked *for outgoing connections* or not.
That's great, and an excellent solution. Unfortunately many of the larger providers here in the United States are not as enlightened from my experience. Of course, YMMV.

-Justin Scott
http://www.iadl.org/sorbs/sorbs-story.html

For an account of Mr. Sullivan's assertions that IP blocks used by AV8 Internet are hijacked. I'm going to put up a page fairly soon about Mr. Vixie's changing support of SORBS. It seems that many people don't like SORBS, and to those people, Vixie says he has nothing to do with SORBS. But to others, Vixie is willing to discuss the SORBS business model '1x1'. Hmm. Sounds like that intercage discussion a bit.

--Dean

On Thu, 16 Oct 2008 matthew@sorbs.net wrote:

----- Original Message -----
From: "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>
Date: Thursday, October 16, 2008 10:39 am
Subject: Re: The DDOS problem & security BOF: Am i mistaken?
<big snip>
contains "So Harris banned me from NANOG." . Not sure if that's the meeting, the NANOG list, or one of the NANOG/Merit other lists. Also, in:
http://www.iadl.org/nanog/nanog-story.html
I see "So, effective May 4 2005, Harris again banned Anderson. Although the new "reformed" rules require a limit of 6 months, Anderson remains banned as of April 16th, 2006. It seems permanent."
but I think that refers to another NANOG group, dnsop.
Yeah and he still doesn't learn ;-)
M
-- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
participants (3)
- Dean Anderson
- Justin D. Scott
- matthew@sorbs.net