On Mon, 20 Nov 2000 09:21:10 MST, Ehud Gavron said:
It is clear (to me) that customers who get a connection to the net do NOT want that connection limited nor censored.
Unfortunately, it's NOT clear that this is the case. The average customer just THINKS they want something. The question of whether it's something actually reasonable to do is a different issue....
What doesn't make sense in that argument is why you couldn't just simply upsell the customer to a managed fw solution etc if that's the concern. Educate them, and let them decide based on the education they received.
Remember - the *reason* this is a point worth discussing at *ALL* is because such a large percentage of customers don't have a CLUE - if (for instance) 98% of the shops had enough clue to close down open shares, we'd not be seeing so many scans for them.
Well, again, I don't believe in 'censoring' traffic by default. I do believe in offering options for those people who decide to do so and can't/don't want to do it themselves.
I suspect that if a large percentage of Tier 1/2 carriers actually filtered ports 137 through 139, we'd not be seeing anywhere near the amount of QAZ and similar activity.
I wouldn't be so sure, particularly because of the legal exposure...
And as has been pointed out, you can ALWAYS punch a hole in the filter for customers who like to live risky, or they can find other ways to tunnel their packets.
At SP scale? Think again. Cheers, Chris -- Christian Kuhtz <ck@arch.bellsouth.net> -wk, <ck@gnu.org> -hm Sr. Architect, Engineering & Architecture, BellSouth.net, Atlanta, GA, U.S. "I speak for myself only."