Home page logo

nanog logo nanog mailing list archives

Re: What if it doesn't affect the ISP? (was Re: What do you want your ISP to block today?)
From: "Christopher X. Candreva" <chris () westnet com>
Date: Sun, 31 Aug 2003 10:46:10 -0400 (EDT)

On Sun, 31 Aug 2003, Matthew Palmer wrote:

dodgy behaviour (spoofed source addresses, for one).  Yes, port 135 is a
known vector, and so is 4444 now, but they have their legitimate uses.  If

OK, here's an alternative viewpoint.

We're an ISP. I'm blocking 135 and the other netbios ports inbound on my
clients dial-up/dsl lines because if I didn't, the lines would be useless.

Client side firewalls are great, but by the time they can do anything the
traffic is already over the line. It doesn't take much traffic at all to
overload a dial-up, and every virus flare-up puts a noticeable impact on DSL

I'll unblock for a client that asks. The only one who asked, sheepishly
asked for it to be put back less than an hour later. They couldn't do
anything with the line.

It's all well and good to say how things 'should' be, but reality has a way
of not caring how things should be.

Chris Candreva  -- chris () westnet com -- (914) 967-7816
WestNet Internet Services of Westchester

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]