RE: ISPs as content-police or method-police
From: Ben Browning [mailto:benb@oz.net]
Sent: Monday, November 20, 2000 9:17 AM

> The point is this: 137-139 are used for NetBIOS and Samba, neither of which are secure (or even supported by their vendors, AFAIK) for use out on the Internet. I think we can all agree that anyone using them in that situation, shouldn't be.
No, we cannot all agree to that. I cannot condone anyone else applying their ideology, by force or default, on someone else, unless specifically requested.

As a downstream customer, the backbone is nearly unreachable from a services perspective. If CERFNET started to do port-filtering then the only means I (I assume that everyone here has sufficient clue to find my upstream) have to change that is to either sue CERFNET or start looking for an ISP that has a different backbone provider. CERFNET tech support will not even talk to second or third level customers. In essence, it eliminates the secondary re-seller market from contention. You risk getting sued, not only from the downstream customer, but your own downstream as well.

The ONLY one that should be even dreaming about doing something like this is the direct upstream to the leaf nodes, and then ONLY with permission. Otherwise, no ports should ever be filtered by any transit provider.

By God, we PAY for open pipes and there are standard remedies when we don't get what we pay for.
On Mon, Nov 20, 2000, Roeland Meyer wrote:
> The ONLY one that should be even dreaming about doing something like this is the direct upstream to the leaf nodes, and then ONLY with permission. Otherwise, no ports should ever be filtered by any transit provider.
>
> By God, we PAY for open pipes and there are standard remedies when we don't get what we pay for.
You know, I *do* believe in unfiltered access to the internet. So would all of you I bet. However, I do not have faith in even a little tiny chunk of the users who have access to the internet to have the slightest inkling of common sense. Yes, I have valid reasons to spoof packets here at home since I have a /24 routed here over a tunnel, but how many users would *you* give access to do this? [1]

Now, I took the extra 30 minutes to figure out how to source-route packets in FreeBSD to make my return packets work over this tunnel. Why can't half-duplex satellite providers, to keep this example going, actually implement something similar, rather than requiring providers to spoof source addresses?

I'd hate to see the internet dissolve further into having court cases decide what direction the internet takes.

2c,

Adrian

[1] Well, I *could* argue that since DoS *still* happens .. :-)

--
Adrian Chadd <adrian@creative.net.au>
"God: Damn! I left pot everywhere! Now I'll have to create Republicans!" - Bill Hicks
participants (2)
- Adrian Chadd
- Roeland Meyer