Re: [fw-wiz] The home user problem returns

From: Mason Schmitt (mason_at_schmitt.ca)
Date: 09/13/05

  • Next message: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
    To: "R. DuFresne" <dufresne@sysinfo.com>
    Date: Tue, 13 Sep 2005 14:43:46 -0700
    
    

    >>> PLEASE explain to me how my P2P app is going to affect you - my ISP -
    >>> or my
    >>> neighbor?
    >>>
    >>>
    >
    > In a shared bandwidth scenario, the pron surfing kid and your p2p
    > connections are not mutually exclusive, they both have exactly the same
    > impact.

    I should point out; it's true that the ISP game is an over subscription
    game. It has to be in order for the home user to pay as little as they
    do. If you want a dsl or cable modem's worth of bandwidth absolutely
    guaranteed to you at all hours of the day AND you want to be able to
    shovel all the data you can through that pipe, then you can get it, it
    just costs more - a lot more. Try pricing out a measly T1 some time.

    But, over subscription problems and p2p are not what I'm talking about
    here at all. Those are just network and bandwidth management issues
    that I'm not attempting to bring to this list. My concern is with
    people that want a wide open, unrestricted,
    give-me-all-my-bad-stuff-it-mine kind of connection and don't think
    about the impact that attitude has with others sharing the same ISP, or
    for that matter, those behind other ISPs.

    I think I've made my point clear that ISPs need to get involved in
    protecting those that are ignorant and laying fully exposed. This is a
    network security/firewall sort of issue and one that I'd hoped would be
     considered relevant to this list (it appears to be so far).

    > On another note to this thread as a whole;
    >
    > beside ingress and egress filtering, how much might ISP's suffer for
    > correcting some of the windows network protocol errors by not passing
    > ports 135-139, 445 and 5000 etc across perimiters? Or even allowing
    > them to braodcast witin the ISP's realm? Certainly would work to neuter
    > the M$ issues to a low noise level would it not?
    >

    This is exactly the kind of ingress and egress filtering I'm talking
    about. We've avoided, by having these filters in place, some fairly
    nasty worm epidemics that wreaked havoc at other ISPs. None of the
    traffic typically associated with those ports has any business
    whatsoever moving beyond the confines of the home user's local network
    or any LAN for that matter.

    Again, for most networks, this is absolutely the wrong way to approach
    the problem, but for an ISP, those filters and anti spoofing filters
    have taken a big chunk out of the low hanging fruit.

    --
    Mason
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"

    Relevant Pages

    • Re: Moving from Zen to ADSL24
      ... I'm thinking of moving to ADSL24 - any comments from those already ... Idnet is the only ISP I have come across to state that there is NO ... contention across their own network. ... our services and ensuring that bandwidth investment exceeds customer ...
      (uk.telecom.broadband)
    • Re: [SOLVED] Updated web page, but seeing older one?
      ... how does the ISP using a cache server save bandwidt? ... >> if the requests are coming from their clients to web pages outside, ... The outside bandwidth is still used. ... >traffic from the ISP through their core network to others' networks are ...
      (RedHat)
    • Re: Warning to PlusNet users, old & new
      ... I have 2 relatives who I have advised to change ISP in light of this. ... I discovered almost by accident that Idnet's provision of bandwidth per customer ... And I forgot to say they have NO contention on their network, bandwidth throttling. ...
      (uk.telecom.broadband)
    • RE: [Full-Disclosure] A rather newbie question
      ... This is my home network, so I probably have nothing that they would be interested in. ... that person since he would be more willing to help rather than your ISP. ... If your rule is similar to this, you're just wasting ... >> traffic that was wasting MY bandwidth. ...
      (Full-Disclosure)
    • Re: dpreview
      ... Your ISP filters the spam just before it reaches your mailbox. ... IOW, no bandwidth hit on me, nor on whatever feeds the ISP receives. ... So I'm getting about 9X more data per dollar while spam has gone up certainly a lot more than 9 times! ...
      (rec.photo.digital.slr-systems)