Re: Port blocking last resort in fight against virus
On Tue, Aug 12, 2003 at 12:11:48PM -0500, John Palmer wrote: [snip]
Yes, some providers however react improperly to certain situations and do not listen to their paying customers.
RCN in Chicago is one example. One day, they just started blocking outbound port 25 on their network. Now, I use other SMTP servers other than the RCN one. In my case, they're my servers and all I have to do is set up my SMTP to listen on an additional port. For others, they aren't so lucky and may have a legitimate gripe with them for censoring traffic.
If I recall correctly, that was a reaction to abuse, which was done network wide for the basic class of residential customers. Enforcement of a 'no servers' clause for HTTP is also common among broadband providers. But to get back on topic...
In the case of 135-139, no one who uses these ports legitimately should have a need to use them "in the wild" unless in a tunnel. [snip]
Yup. Back in the day good old Windows 3.1 had access control problems and tried to share information in classful broadcast boundaries. Blocking these netb* ports was effective across-the-board protection and anyone who called with an issue got educated and fixed.

This is all about the edges, and frankly even with all messages regarding "The Backbone", I can't think about any "backbone" who isn't an edge. Everyone should police their edges for their own customers' sake, and be willing to help customers' policing efforts when asked.

Seems there's an undercurrent of willful ignorance that perpetuates all sorts of abuse. Once upon a time we studied for what purpose our networks were used, and were able to optimize for the traffic that was in demand, making customers happy. There just happened to be a side effect of squashing badness that was purposeful along with that which was just 'brokenness'. Perhaps if we were all paying more attention to what purposes the networks were being used, even if it is because of brokenness this time, we'd wind up optimizing and making customers happy?

I'm all for the invisible system administrator and the transparent network, but there is a business case for visible differentiation, giving the customers a reason to stay. It is nice when that differentiation isn't based on marketing glossies and run-from-chapter-11 fire sale pricing but the actual (technical) product.

Cheers,
Joe
--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
participants (1)
- Joe Provo