Full Disclosure mailing list archives

Re: Comcast using IPS to protect the Internet from their home user clients?
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 10 Mar 2004 15:16:34 -0600

On Wed, 2004-03-10 at 14:44, Exibar wrote:
> I know the "feeling" behind what you typed, but you really don't mean
> you typed.  Filtering should not be done by the ISPs, they should
> provide a pipe, and that's it. [...]  If the ISP's start filtering traffic,
> scanning E-mail for viruses, etc,
> they are getting close to censorship in my eyes.  They're also
> themselves from "common carrier" status in the eyes of the law too I

Heya Exibar,

I tend to think of a "common carrier" as a T-1 provider, and perhaps
most DSL providers. But end-user ISPs like MSN, AOL, or cable services
seem to be better described as consumer carriers. The main
differentiators being the ease of use (just plug it in and get an IP via
DHCP) and of course the level of "clue" of the technical "staff".

That said, I would support certain filtering (like blocking inbound or
outbound SMTP connections) as long as it is done indiscriminately. By
that I mean it is okay to filter port 25 across the board, but it should
not be okay to filter on some content that the carrier deems is
inappropriate (as that definition most likely varies between carrier and
consumer). If certain criteria are applied, I would agree, it would be
similar to censorship. After all, I should have the right to receive my
Viagra ads and Nigerian investment opportunities. :)

Spam filtering and virus checking should occur on the carrier's email
gateways/hosts, and not on the wire itself. I should have the right to
receive all the viruses I want in my email (perhaps for legitimate
research). As far as filtering inline, if it occurs on fixed criteria
(i.e. port 25), I'm okay with it (even though I may not like it). As I
said, as long as I can tunnel around it, I'm fine :)

But if filtering occurs inline on undefined criteria, then it may be of
concern. That is the reason that I posted the question if anyone else
had noticed that "some" filtering on "some" content is occurring.


PS: The Infoworld article Tom mentioned seems to deal more with detection
and manual punishment. I'm okay with that as well. As long as they don't
use automated tools to turn people's modems off when the IDS triggers on
a possible false alert.
