Believe it or not, there are. When I ran a large network at an unnamed ISP, we ran graphing on certain types of traffic, and an awful lot of our business customers were doing this - with their home users accessing their corp exchange servers with no VPN. The only thing I could guess is that they weren't willing to hire someone to do things right. There were certain situations why I had to do this personally. At the time, when I took over, there was no Exchange admin, and I was rather clueless on how to manage Exchange, so for quite a while I stumbled through trying to get things working correctly and properly securing it (and several times severely broke it). It was several months before I felt comfortable adjusting the main setup of the server so that it would work fine on my VPN hookup from the office network to the house. Its alot different now that I am familiar with Exchange. I was trying to get rid of exchange, but with the fact our corp office was a bunch of idiots who had no idea how to use anything else but outlook, made it nearly impossible to switch to a pure pop3/smtp setup with an online calendar and shared address book. -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org ICQ: 8077511 ----- Original Message ----- From: "Stewart, William C (Bill), RTSLS" <billstewart@att.com> To: <nanog@merit.edu> Sent: Monday, October 27, 2003 1:27 AM Subject: Re: ISPs' willingness to take action Brian Bruns asserts that there are lots of home users connecting to their office Exchange servers without VPNs, and that therefore blocking the Microsoft ports was bad. While I agree with his point that you shouldn't do it without documenting what you are or are not blocking, I'm really surprised to hear the assertion that people are leaving unfirewalled Exchange servers out on the net. Is this actually common? /shudders...