That's the problem, isn't it? Who decides what can and can't go through? I think the tier approach is better, a basic user account where everything is blocked and a Sysadmin type account where everything is open. If the price is different enough then only people who are going to use those extra ports will actually pay for it.

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Scott Weeks
Sent: Friday, March 07, 2008 5:57 PM
To: nanog@merit.edu
Subject: Re: Customer-facing ACLs

--- dave.nanog@alfordmedia.com wrote:
To me there is no question of whether or not you filter traffic for residential broadband customers.
SBC in my area (Dallas) went from wide open to outbound 25 blocked by default/opened on request. I think doing the same thing with port 22 would hardly be an undue burden on users, and would help keep botnets in check.

------------------------------------------------

Might as well do TCP 20, 21 and 23, too. Woah, that slope's getting slippery!

scott