Firewall Wizards mailing list archives
Re: outbound traffic security risk
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 23 Mar 2004 21:59:28 +0530
On 23/03/04 11:25 -0500, Mitchell Rowton wrote:
<snip> Ahem! ISPs are /not/ corporate providers. They should NOT be blocking stuff (currently, NetBIOS and a bunch of MS ports exempted, and port 25 outbound, but thats a different beast.) </snip> Thats why i gave an example of how an ISP can't block http but should block msrpc and sql, sounds like we are on the same page but the "Ahem!" leads me to think you are disagreeing..?
Mostly disagreeing. Blocking is the final solution to an issue, if nothing else works. We are on the same page, with me adding a caveat about the default policy for ISPs and corporate networks (default allow against default deny).
I think some ISP's which are focused toward non-technical users could (and do) add value to their service by providing basic filtering and protect users from the above example ports. This should of course be agreed upon by the customer before filtering. In most cases, most customers, would want a minimum amount of protection.
My ISP blocks, and charges money to be unblocked. I still don't have working ICMP and a whole lot of other crap on the network. I really have no better ISP right now, though the market might hopefully change with new entrants in a few months.
You shouldn't think of this as taking away your rights and freedom on the internet to not be filtered. I chose my ISP because I didn't want to be filtered, and they don't filter. But I wouldn't agree with a general statement that ISPs should NOT be blocking stuff. Users should have the option of having a minimum amount of protection, they should have the option of choosing an ISP that provides this service. If more users chose ISP's that provide this service then entire categories of risks on the internet would be mitigated significantly.
I have no issues with an ISP offering to manage a firewall for the ned user and charging for it. I have no objection to ISPs blocking ports on request by customers. I do have issues with general blocking of ports by ISPs by default. Devdas Bhagat _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- outbound traffic security risk Hilal Hussein (Mar 23)
- Re: outbound traffic security risk Paul D. Robertson (Mar 23)
- Re: outbound traffic security risk Holger Kipp (Mar 23)
- Re: outbound traffic security risk Don Kendrick (Mar 23)
- Re: outbound traffic security risk Don Kendrick (Mar 24)
- <Possible follow-ups>
- Re: outbound traffic security risk Mitchell Rowton (Mar 23)
- Re: outbound traffic security risk Devdas Bhagat (Mar 23)
- Re: outbound traffic security risk Mitchell Rowton (Mar 24)
- Re: outbound traffic security risk Devdas Bhagat (Mar 24)