Re: New TELUS Security policy
From: Leythos (void_at_nowhere.com)
Date: 05/27/04
Date: Thu, 27 May 2004 00:41:18 GMT
In article <f1atc.817$qU4.573@newsfe6-gui.server.ntli.net>, abuse@
[127.0.0.1] says...
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b1b0862edf9623598a571@news-server.columbus.rr.com...
> > In article <w89sc.5277$J02.3891@edtnps84>, jynxed-nospamhaha-
> > hi@telus.net says...
> > > So TELUS (Canadian ADSL provider) has started to roll out a new security
> > > policy on their consumer ADSL market. This security policy takes
> > > initiative and blocks specific incoming ports.
> > > The ports blocked are:
> > > TCP 21 (ftp)
> > > TCP 25 (smtp)
> > > TCP 80 (www)
> > > TCP 110 (pop3)
> > > TCP 6667 (ircd)
> > > TCP/UDP 135-139 (dcom and netbios)
> > > TCP/UDP 1433-1434 (ms-sql)
> > >
> > > They are blocking these, telling the customers it's for their safety.
> > > Which is true, because the Telus customers won't get slammed by the
> > > latest Windows worm/virus. But I wanted thoughts from the community on
> > > this idea.
> >
> > I think it's about dang time that an ISP takes a proactive stance
> > against ignorant users. Non-Business account holders don't need any of
> > those ports opened inbound.
>
> Hmm. My own ISP (NTL, in the UK) has been doing similar things for a while..
> blocking some of the low-end ports has been "interesting" for some of us
> router users :o\ ("stealth" 1024 and 1025 TCP to explore interesting Time
> Wait scenarios. Zyxels don't seem to like this..)
The outbound ports, 1024 and above, don't make sense for blocking - only
the inbound ports need to be blocked by the ISP. Meaning, for most users,
there is no reason for the chap down the block to accept packets
directly from the chap around the corner. Most TAS/AUP don't really
allow for it anyway.
> Funnily enough, the OP's comments sound a lot like a situation with a work
> colleague in Florida - a large number of ports were blocked "for his own
> protection".. and are instantly freed if one converts to a business account.
>
> Apparently, the ability to pay twice as much per month /instantly/ makes you
> into a security expert.. (cynic? Moi? ;o)
We have different levels of service here too - if you are a residential
user you are assumed to be just one of the masses. If you pay for
upgraded service it's assumed that you have something invested in it
that is a little beyond the home user group. There are about 5 levels of
business accounts, some are just higher performance accounts for remote
VPN into the home office, some are high performance with as many IPs as
you want.... I would say that a business account user is "More Likely"
to be more secure than a residential user.
> My personal view is to include a firewall service (at additional cost,
> natch, and that has to be explicitly deleted from an order). The average
> schmoo would love the idea that they are being nannied, while weirdoes like
> us lot could take a bit more responsibility for our actions. "Tracker"
> excepted, natch ;o)
If the routers that the ISP provides would be NAT enabled by default,
and then allow users to request a non-NAT configuration for free, it
would make the net a lot nicer for all of us.
I think that ALL ISPs should provide instructions for AV and personal
firewall software, but that's asking way too much :)
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)