Re: [fw-wiz] outbound traffic security risk
From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 03/23/04
- Previous message: Mitchell Rowton: "Re: [fw-wiz] outbound traffic security risk"
- Maybe in reply to: Hilal Hussein: "[fw-wiz] outbound traffic security risk"
To: firewall-wizards@honor.icsalabs.com
Date: Tue, 23 Mar 2004 21:59:28 +0530
On 23/03/04 11:25 -0500, Mitchell Rowton wrote:
> <snip>
>
> Ahem! ISPs are /not/ corporate providers. They should NOT be blocking
> stuff (currently, NetBIOS and a bunch of MS ports exempted, and port 25
> outbound, but that's a different beast.)
>
> </snip>
>
> That's why I gave an example of how an ISP can't block http but should
> block msrpc and sql, sounds like we are on the same page but the "Ahem!"
> leads me to think you are disagreeing..?
Mostly disagreeing. Blocking is the final solution to an issue, if
nothing else works. We are on the same page, with me adding a caveat
about the default policy for ISPs and corporate networks (default allow
against default deny).
> I think some ISPs which are focused toward non-technical users could
> (and do) add value to their service by providing basic filtering and
> protect users from the above example ports. This should of course be
> agreed upon by the customer before filtering. In most cases, most
> customers, would want a minimum amount of protection.
My ISP blocks, and charges money to be unblocked. I still don't have
working ICMP and a whole lot of other crap on the network.
I really have no better ISP right now, though the market might hopefully
change with new entrants in a few months.
> You shouldn't think of this as taking away your rights and freedom on
> the internet to not be filtered. I chose my ISP because I didn't want
> to be filtered, and they don't filter. But I wouldn't agree with a
> general statement that ISPs should NOT be blocking stuff. Users should
> have the option of having a minimum amount of protection, they should
> have the option of choosing an ISP that provides this service. If more
> users chose ISPs that provide this service then entire categories of
> risks on the internet would be mitigated significantly.
I have no issues with an ISP offering to manage a firewall for the end
user and charging for it. I have no objection to ISPs blocking ports on
request by customers.
I do have issues with general blocking of ports by ISPs by default.
Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards