RE: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules

• Previous message: Daniel Chemko: "RE: [fw-wiz] Linux Firewall Distributions"
• In reply to: Paul D. Robertson: "RE: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
• Next in thread: Mason Schmitt: "Re: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Paul D. Robertson'" <paul@compuwar.net>
Date: Thu, 2 Sep 2004 14:00:23 -0400

> > one fairly large ISP now ships a broadband gateway with the firewall
>
> Who? Which gateway? Configured with what policy?

> Heck, I'm floored that someone's doing egress filtering by
> default! I would like to know who, their praises should be
> sung from the highest peaks!

Alltel. Efficient Speedstream 5200 and 5600 series. ICSA 3.0a standards
outbound, with no inbound connections accepted.

I was quite shocked myself. I don't think the policy has penetrated their
entire network by any means, but pretty much all customers who have signed
up in the last 6 months or so have it. I first noted it because of the
issues with Citrix ICA connectivity I mentioned earlier. Then a quick survey
of a number of folks revealed that it was pretty much a standard package
now.

--
Jonathan
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Daniel Chemko: "RE: [fw-wiz] Linux Firewall Distributions"
• In reply to: Paul D. Robertson: "RE: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
• Next in thread: Mason Schmitt: "Re: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Ex2003 Rewrite domains ... Your default policy is set to the highest priority and sets the primary ... Yet another option is to set up an Exchange server as ... I think the easiest would be to search around for a transport event sink. ... >I was under the impression that that is only for OUTBOUND messages? ... (microsoft.public.exchange.connectivity) Re: Completely replace software firewall with hardware firewall? ... >> to provide outbound protection you must work from the application layer. ... >> A hardware solution does not provide this. ... A static policy where a port is blocked. ... >users to slow/stop the spread of a virus on infected machines. ... (comp.security.firewalls) Re: Completely replace software firewall with hardware firewall? ... >> to provide outbound protection you must work from the application layer. ... >> A hardware solution does not provide this. ... A static policy where a port is blocked. ... >users to slow/stop the spread of a virus on infected machines. ... (alt.computer.security) Re: [fw-wiz] checkpoint port-redirection question ... not complying with a policy that says they must push all outbound ... > supposed to be dealing with `trained` professionals that should know what ... (Firewall-Wizards)