On Wed, Oct 26, 2011 at 19:24:23PM -0600, Owen DeLong wrote:
Firewalls are perfectly valid and I have no general objection to filtering packets based on the policy set by a site. What I object to is having someone I pay to move my packets tell me that they won't move some of those packets because they feel it is some form of best practice to eliminate my perfectly valid packets in order to prevent someone else from committing some form of abuse on the same protocol.
I object even more strenuously to someone who redirects my packets for their intended destination to some man in the middle attack destination of their choosing.
Would it be useful to slice this analysis into component parts, e.g. "Residential" (dynamic), "small" (single/handful, e.g. small business, colo, hosted web, VPS), and large (/24 and up), as what is defined as "moving packets" may be viewed significantly differently? For instance, what Residential customers are paying for seems to not necessarily be (strictly speaking) "just moving all of your packets", at least according to residential ToS' that I've read lately. -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York