The Monday 2004-09-27 at 20:47 -0500, Gary wrote:
C> Mmm... interesting idea. I doubt a large provider for dial up can do it
C> (block 25), though. It means configuring on the fly some kind of firewall,
C> because you never know on which access router he is going to connect, not
C> even on what phone exchange.
Yes, they (ISPs) can do it very easily. All ISPs are assigned a block of IP addresses for their service, and these (depending on size of ISP) Class B, etc., are further subdivided into subnets. ISP routers/firewalls can very easily block IP ranges for any port as they wish within their assigned range, trivially. Phone exchange or access routers play no role in this case, as the client must be assigned to use an IP address which was assigned to the ISP. <g> They can even define certain IP blocks in their control for DSL customers, and certain blocks for dial-up customers, and limit port 25 subjectively if they wish.
Ah, but you missed part of the point :-) The point was to block port 25 by default, except for some clients requesting it. I think that doing that, i.e., blocking or not blocking, based on the login of the user is not so easy. The hardware I know would certainly make it difficult, a thousand users logged into the same access router and going out through the same ethernet cable... how do you selectively firewall some ports and not another based on login data (dial up, remember)? I.e., one IP has it blocked, another would not. Data for this would be fed by the RADIUS server. Maybe I haven't mentioned it before, but I worked for a time for a big provider, telephone network side :-) Doable... perhaps. Economic... I wonder. They do not have any kind of firewall now, the network is transparent.
For example... AOL has these blocks for dial up use (they have others too)

172.178.0.0/16
172.179.0.0/16
172.183.0.0/16
172.206.0.0/16
A lot of spam used to come from them until they started blocking 25. I now see none from them as a matter of fact, over the last several months.
I don't deny that. But they would block my writing here, if I were their client.

--
Cheers,
Carlos Robinson
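
The per-login exemption debated in this thread (port 25 closed by default on the dial-up pools, opened only for customers who ask, with the login-to-IP mapping fed by RADIUS), modelled as an added example that is not from either poster. The class, user names and accounting events are constructed; the only RADIUS data assumed is the accounting status, user name and assigned IP address.

```python
import ipaddress

# Dial-up pools quoted in the thread; outbound TCP/25 is closed by default here.
DIALUP_POOLS = [ipaddress.ip_network(n) for n in (
    "172.178.0.0/16", "172.179.0.0/16", "172.183.0.0/16", "172.206.0.0/16")]

class Port25Policy:
    """Hypothetical model: default-deny SMTP for dial-up IPs, per-login exemptions."""
    def __init__(self, exempt_users):
        self.exempt_users = set(exempt_users)  # customers who requested port 25
        self.sessions = {}                     # assigned IP -> user of the live session

    def on_accounting(self, status, user, framed_ip):
        """Apply one RADIUS accounting event (Acct-Status-Type Start or Stop)."""
        ip = ipaddress.ip_address(framed_ip)
        if status == "Start":
            self.sessions[ip] = user
        elif status == "Stop" and self.sessions.get(ip) == user:
            # Remove the binding so the next caller leased this IP inherits nothing.
            del self.sessions[ip]

    def allow_smtp(self, src_ip):
        """True if a connection from src_ip to port 25 should pass the edge filter."""
        ip = ipaddress.ip_address(src_ip)
        if not any(ip in net for net in DIALUP_POOLS):
            return True  # not a dial-up address: outside this policy
        return self.sessions.get(ip) in self.exempt_users

    def exempt_ips(self):
        """Dial-up addresses the filter must currently let through to port 25."""
        return sorted(str(ip) for ip, u in self.sessions.items() if u in self.exempt_users)

# Constructed events: (status, user name, assigned IP). The last one re-leases an IP.
EVENTS = [
    ("Start", "alice", "172.178.10.5"),
    ("Start", "bob",   "172.178.10.6"),
    ("Stop",  "alice", "172.178.10.5"),
    ("Start", "carol", "172.178.10.5"),
]

def replay(events, exempt_users, upto=None):
    """Feed the first `upto` events (all if None) into a fresh policy."""
    policy = Port25Policy(exempt_users)
    for event in events[:upto]:
        policy.on_accounting(*event)
    return policy
```

The exemption set has to follow every session start and stop, because a dial-up address is reassigned to a different customer as soon as the previous caller hangs up.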