
ISP port blocking practice



Dan White wrote:
> On 23/10/09 17:58 -0400, James R. Cutler wrote:
>> Blocking the well known port 25 does not block sending of mail. Or the
>> message content.
> 
> It does block incoming SMTP traffic on that well known port.

Then the customer should have bought a class of service that permits 
servers.

>> I think the relevant neutrality principle is that traffic is not blocked
>> by content.
> 
> My personal definition doesn't quite gel with that. You're deciding for the
> customer how they can use their connection, before you have any evidence of
> nefarious activity.

They decided for themselves when they bought a residential connection 
instead of a business circuit.  Just because someone bought themselves a 
Camry doesn't mean that Toyota is deciding for them that they can't haul 
1000 lbs of concrete with it.  The customer did when they decided to buy 
a car and not a pickup.

> Would you consider restricting a customer's outgoing port 25 traffic to a
> specific mail server a step over the net neutrality line?

I do this all the time.  For example I don't let my customers send or 
receive mail (or any traffic for that matter) from prefixes originating 
from AS32311 (Colorado spammer Scott Richter).  Now if I was blocking 
mail to dnc.org, gop.com, greenpeace.org, etc. or restricting Vonage to 
.05% of my bandwidth then yeah that would violate net neutrality 
principles.  The difference is one stifles speech and is 
anti-competitive.  The other mitigates a network security and stability 
risk.

I see this same argument on Slashdot all too often.  It's usually 
bundled with an argument against providers doing any sort of traffic 
aggregation ("if I buy 1.5Mbps then it should be a dedicated pipe 
straight to the Internet!").  Unfortunately that's simply not reality. 
You can either live with a small level of controls on your traffic for 
the sake of stability and security or you can have wide-open ISPs with 
no security prohibitions whatsoever.  The support costs for the ISPs go 
through the roof and of course that gets passed on to the customer.  Your 
5 9s SLA gets replaced with "use it while you can before it goes down 
again".  Everyone pays a penalty for having a digital Wild West.  Not to 
start another thread on a completely OT topic but the same concept can 
be applied to other things like health care.  Either everyone can pay a 
little bit for all to have good service or many average consumers can 
pay lots to make up the losses for those that can't pay at all.

Justin