Re: ingress SMTP

• From: matthew
• Date: Wed Sep 03 18:53:27 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Justin Scott said:
> 
> Your comment about "exceptions for customers that prove they know how to
> lock down" is not based in reality, frankly.  Have you ever tried to
> have Joe Sixpack call BigISP support to ask for an exception to a port
> block on his consumer-class connection with a dynamic IP?  That's a wall
> that I would not be willing to ask my customers to climb over.

iiNet a reasonably sized Aussie ISP has a web page (specifially part of
the 'My Account' page) where you can, with a simple check box, choose to
have commonly abused ports blocked *for outgoing connections* or not.

Last time I looked the ports blocked were:

Port 25
Port 137
Port 138
Port 139
Port 445

How the back end works I don't know, but it is pretty seemless to the
user, as I opted out of the block as soon as I connected.  Their tech
support is reasonably unintelligent at level 1, but even they were able
to understand my problem and explain where the checkbox was so that
within 35 seconds of taking the call my servers were open to the
Internet in both directions.

Regards,

Matthew

• Follow-Ups:
  • RE: ingress SMTP Justin D. Scott

• Prev by Date: Re: ingress SMTP
• Next by Date: Re: ingress SMTP
• Date Index
• Thread Index
• Author Index
• Historical