Re: Would you pay more ...

[Joe Barrett <barrettj () wam umd edu>]

Actually, I refuse to use a broadband ISP unless I'm "allowed to host
servers" and they leave all ports open for me.  I certainly see the
security reasons for blocking them, but I don't think that the ISP should
get to charge extra to not block ports.

Instead, how about if the ISP blocked all ports by default, but if you
asked, they'd open them?  That wouldn't be that complicated of a change -
and it would help with the security issues.

Joe Barrett

On Fri, 2 Jul 2004, Jeff wrote:

> Regarding standard consumer broadband connections ...
>
> Would you pay more to only have the following destination ports open
> to the internet originating from your broadband modem:
>
>       tcp  21 - ftp
>       tcp  22 - ssh
>       tcp  25 - smtp
> tcp, udp  53 - dns
>       tcp  80 - www
>       tcp 110 - pop3
>       tcp 119 - nntp
>       udp 123 - ntp
>       tcp 443 - secure www
>
> (Arguments for/against specific ports solicited. I purposely left
> some out that I don't use. Curious how significant they are to
> others. IMAP4 and icmp protocols come to mind)
>
> ALTERNATIVELY, would you like it if this was the STANDARD package and
> additional ports were considered optional, and required payment.
>
> LASTLY, this could start out as the NEW Secure way to go! It simply
> requires that your existing cable modem be upgraded (replaced) at a
> cost of $50-$75. All new installations would recieve these as part
> of the std pkg.
>
> (I know some small businesses that would LOVE to have this. I know
> because they've called me to resolve some "weird problems" and look
> at me funny when I tell them that they should have had a firewall all
> along.)
>
> I would REALLY like to hear from those of you that work in the ISP
> field. I have always been on the receiving end of an ISP -- never
> worked in that trench. But I suspect that this type of firewall could
> be built into every single cable/dsl modem used at little expense.
> Indeed, could save lots of money on bandwidth.
>
> Consider Grandma now ... she typically isn't a gamer and need other
> ports open. Nor does she work at home and require a vpn. BUT she is
> the MOST likely to get hit by some exploit, and it's her damned box
> (x 1,000,000) uselessly eating up bandwidth because some smart-aleck
> *&#$ing script kiddie bas(*&#$
>
> .... ohm-yelli-mon ... ohm-yelli-mon ... OK, ok, better.
>
>
> Jeff
>
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------