Re: [fw-wiz] The home user problem returns

• Previous message: Tina Bird: "RE: [fw-wiz] The home user problem returns"
• In reply to: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
• Next in thread: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
• Reply: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
• Reply: lordchariot_at_earthlink.net: "RE: [fw-wiz] The home user problem returns"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Mason Schmitt <mason@schmitt.ca>
Date: Tue, 13 Sep 2005 16:01:27 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 12 Sep 2005, Mason Schmitt wrote:

> Brian Loe wrote:

         [SNIP]

>
> Here's an example that's not related to Internet access and bandwidth.
> In North America (and starting to become a problem in most developed
> nations), smoking is becoming a huge problem. Smoking is known to be
> linked to many forms of cancer, birth defects, gum disease, many
> respiratory diseases, etc, etc. - it's a really long list. Some people
> consider smoking to be a personal choice, so lets run with that. My
> first argument pertains more to Canada and other countries that have
> public medical systems.
>
> When enough people choose to smoke, they are placing an unnecessary
> burden on the public medical system, thereby degrading it for everyone else.
>

Are they? Will they really? Afterall, considering the above, they are
not likely to live as long and thus not going to be within the system as
long term as the non-smokers.

> You may be one of those militant smokers that feels it is their right to
> smoke wherever they please. If you decide you want to smoke in public,
> you may be smoking next to someone that is an asthmatic. It's well
> known that second hand smoke is just as deadly, if not more so, than the
> smoke you pull through your filter

Are you certain of this, or is it just another version of overhype in this
current time and space? Afterall, think about it a momnet, if I draw
smoke directly into my lungs, and exhale and then you breath in a small
fraction of what residule smoke is left, it is really more of a health
issue for you in a secondary fashion then it was for me in the first
intake?

> - if you and other militant smokers
> get their way, non smokers are now suffering the same health problems
> that are common amongst smokers. Other people may be enjoying the fresh
> air or a good meal and you are denying them that. The effect can even
> be as simple as making someone else's clothes stink. No matter how you
> look at it, this is more than just your problem - you are involving
> other people that may not want to have anything to do with you.
>

We face these 'balances;' in many facets of daily life, anytime a majority
has to allow the minority to have equal rights and protections though no?

>
> I promised I'd give you an example relating to your use of your Internet
> connection. Here's one really good example for you.
>
> Recently a bot found it's way onto a customer's computer. That bot
> setup shop and began to send spam... through our not-so-smart smarthost.
> The bot was also a worm and it started spewing like crazy trying to
> find more hosts - it found some on our network and would have found some
> out on the net if I hadn't put egress filters in place on our router a
> year or two ago.
>
> I got called into work outside normal hours to track down the bot, our
> support people had to call the customer to let them know and they also
> turned of the customer's modem until the infection was cleaned out.
> They then had to start calling other customers and doing the same.
>
> In the short time that the spam was flowing, our mail server managed to
> find it's way onto a couple blacklists. As a result, customers that
> didn't get the worm were still being affected because some of their
> email bounced due to other mail admins using the blacklists that we
> ended up on. This in turn generated support calls.
>
> I then kicked myself for not having implemented rate limiting and really
> basic spam filtering on our outbound smtp relay like I had planned to
> and set about working out how I was going to do that. It turns out that
> it not feasible with our current solution, so this week I'm working on
> building a new mail server that will allow me to do the egress filtering
> I need to do.
>
> All in all, the fact that there weren't more safe guards in place cost
> us time and money and affected a fair number of customers. It has also
> pulled me away from other important work and thus I get further behind.
>
> If that doesn't paint a clear enough picture of why you should not be
> able to have a wide open un-restricted pipe of your own, let me know and
> I'll give you some more examples.
>

That sure seems like a long way about trying to limit the exposures that
got and get you into the fixes you find in your ISP technical position,
so, let me ask here again, would it not be simpler, and likely go pretty
much untocinted to the vast majority of your users to just lont allow
ports 135-139, 455, and 500 and the rest of the windws specifics from
leaving your periniters and even actually eliminate it on your braodcasts
within? Seems that would be far less work and likely with the ingress and
egress filtering eliminate 90% of the issues that hit you and your user
base, would it not? and certainly without the support overhead of the
vast majority of the plans and solutions you are trying to impliment, yes?

My question to the rest of the list remains: how much would an ISP suffer
if they invoked such policies? and invoked such policies with the hitting
those that request to be allowed to avoid those limitaions with a service
expansion and extra hit from the pocketbook? Rather then give it all away
under the basic pricing infrastructure, you make those that wish for the
"addon risks" pay for it.

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDJzAbst+vzJSwZikRAry+AJoCKeFo3zyFsww0YwwMVVyTPSTWPACgkGmR
cTVGspq1CNCNmeeaXN8d2aM=
=X/Bq
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Tina Bird: "RE: [fw-wiz] The home user problem returns"
• In reply to: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
• Next in thread: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
• Reply: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
• Reply: lordchariot_at_earthlink.net: "RE: [fw-wiz] The home user problem returns"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]