North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)
On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote: > On Wed, 14 Sep 2005, Roy Badami wrote: > > > william(at)elan> Could you elaborate on how firewall will > > william(at)elan> determine if the connection is from mail server > > william(at)elan> or from telnet on port 25? > > > >Perhaps because most telnet clients will attempt telnet option > >negotiation? If so one could avoid this by using a client such as > >netcat... > > Telnet option negotiation is at Layer 7 after TCP connection has been > established. Firewalls typically don't operate at this level (TCP session > is Layer 4 if I remember right) and would refuse or reject (difference > type of ICMP response) based solely on attempt to connect to certain > ip or certain TCP/UDP port. You're talking about the packet filters that marketeers sell as "firewalls". The best firewalls operate at the application layer. And, yes, that's an OPINION, no need to rave. -- Joe Yao ----------------------------------------------------------------------- This message is not an official statement of OSIS Center policies.
|