RE: ISPs' willingness to take action
Brian, I would agree with you that sometimes you can't offer "filtered pipe" services to everyone and expect the same general acceptance of the product across the board. However, how much liability should a business take on when abuse@ accounts are filling up daily because hundreds of customers are not keeping up with Windows Update?

We put filters on our WAN a few months back when everyone was feeling the wrath of the various Windows exploits of the week. Still today, we make no exceptions to this rule. We've even lost a few customers in the process, I'm sure.

My issue is that in most cases (minus a few exceptions, of course) service providers are bombarded with complaints from customers that a) don't know how to change the default Exchange ports away from 135/139 or the security risk in broadcasting 135/139 to the world, b) didn't think they should have to worry about it (even as they were broadcasting from infected servers and machines on their network), or c) have a textbook MCSE, crash-course CCNA network administrator/consultant who didn't really have an understanding of what was going on or how they should respond to it.

Personally, I'm beginning to feel doubt that the technology industry will be able to maintain the level of competence and respect that we all need and deserve to have. I can't imagine what the health care industry would be like if ignorance was embraced as well as it seems to be in the technology industry.

-Adam
Problem is, some applications, like Outlook for example (if I remember correctly), like to use the 135, 137, 139 and others to connect to the Exchange server. You block them, and it will start to croak. You have a lot of home users not using a VPN to connect to their office Exchange servers. I used to do this myself at times.
When you sell a service to someone, and neglect to mention you block certain incoming ports, especially to a possible business user or home user trying to access their office, you put yourself in a really bad position.
By the way, can anybody explain to me a legitimate use for port 135/137 traffic across the Internet, like it's somebody's private LAN? Seems to me anybody who still thinks that's legitimate is living in the past.
So, the big question: why don't ISPs do more of this? Are they afraid of client reaction? Doesn't wash, for me: most clients would be highly grateful, and all it really takes for the remainder is fair warning. Cost? Again, you can judge for yourselves how low the fruit you choose to pick; the biggest gains have the best ROI.
Happy clients, liberated bandwidth, faster servers -- what's to lose?
On Sun, 26 Oct 2003, Adam Hall wrote:
Personally, I'm beginning to feel doubt that the technology industry will be able to maintain the level of competence and respect that we all need and deserve to have. I can't imagine what the health care industry would be like if ignorance was embraced as well as it seems to be in the technology industry.
Have you been to a doctor lately? Antibiotics are the doctor's version of "reboot your PC". No need for any fancy tests. You might have strep throat or a simple virus. Who cares, throw drugs at it regardless of the long-term harm that causes.

This country is going down the crapper fast because no one can think 10 minutes ahead of where they're at. It's not just the computer business, it's not just the healthcare system, it's everything. No one wants to think things through, and those that do don't get along, so the net result from them is zero.

The one thing that might make you feel better is that nothing is going to blow up next week, it will just get marginally worse day by day until things deteriorate to say, the state that our public education system is in (or thereabouts).

Charles
Recently, spork@inch.com (Charles Sprickman) wrote:
This country is going down the crapper fast because no one can think 10 minutes ahead of where they're at. It's not just the computer business, it's not just the healthcare system, it's everything. No one wants to think things through, and those that do don't get along, so the net result from them is zero.
Good thing this is just one country among many, then. :)

Matt