nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ISPs as content-police or method-police

From: Ben Browning <benb () oz net>
Date: Mon, 20 Nov 2000 09:17:01 -0800

At 11:54 11/20/2000 -0500, Valdis.Kletnieks () vt edu wrote:

I suspect that if a large percentage of Tier 1/2 carriers actually filtered
ports 137 through 139, we'd not be seeing anywhere near the amount of QAZ and
similar activity.  And as has been pointed out, you can ALWAYS punch a hole
in the filter for customers who like to live risky, or they can find other
ways to tunnel their packets.
Well, we'd actually see a good deal of QAZ still, if Tier One was filtering it... QAZ primarily hunts in the same class C it lives in.
Aside from that, I certainly agree that it is not our job to dictate what our customers can or cannot do on the big-eye-nternet. What I also think is that it *is* our responsibility to maintain the sanctity of our networks. I don't see any customers up-in-arms because of the lack of directed broadcast services on most of our networks, and I think this situation is roughly analogous.
The point is this: 137-139 are used for NetBIOS and Samba, neither of which are secure (or even supported by their vendors, AFAIK) for use out on the Internet. I think we can all agree that anyone using them in that situation, shouldn't be. 


---
Ben Browning <benb () oz net>
oz.net Network Operations
Tel (206) 443-8000 Fax (206) 443-0500
http://www.oz.net/
Previous By Date Next
Previous By Thread Next

Current thread: