Re: Notifying user of open Internet access
From: Juergen Nieveler (juergen.nieveler.nospam_at_arcor.de)
Date: 12/14/04
Date: 14 Dec 2004 17:53:02 GMT
Leythos <void@nowhere.lan> wrote:
>> How do you know it was an accident? Can I borrow your crystal ball
>> for a day?
>
> Because on most residential subnets, subscribers are not permitted to
> run open servers or provide open file sharing services.
That still doesn't mean it was an accident.
>> Which would make that ISP pretty much unusable for most online games,
>> for example...
>
> You've got to be kidding, I've been playing on-line games for almost 10
> years and never found one that didn't work through NAT. In fact, I play
> Counter-Strike on-line most weekends and even run a public server
> through a NAT box - and it supports 24 on-line players with sub 50
> pings.
Still, it would cause problems for users who didn't do anything wrong.
Users of SpeakFreely, for example...
> Actually, the ISP can change the contract TOS ANY TIME THEY WANT and
> don't even have to directly notify the users. Fact is that it's NOT your
> internet, it's the connection provided by the company access, and it's
> THEIR connection. You are permitted to use it as they deem you can,
> which includes any restrictions they want.
They can change the TOS, but then the customer has the right to quit
the contract immediately, at least in most jurisdictions.
>> Unless the ISP told them BEFORE they signed the contract that they
>> can't do it, they can do anything they want with their computer and
>> their connection.
>
> You really need to learn more about contracts, especially ones that say
> they can change the rule any time they want.
Don't assume that the legalities of this are the same all over the
planet.
>> For all you know, that open port 139 might belong to an old granny
>> who accidentally shared pictures of her family - or it's a part of a
>
> There are better methods to share her pictures, without exposing her
> computer, that don't subject her computer to being hacked, that are not
> against most ISP's TOS. Again, most residential/personal internet
> services do not permit users running services that provide anonymous
> access to their computers.
So? You're assuming that your rules are valid for the whole Internet.
> I'm not missing any facts, and I don't demand ANYONE DO ANYTHING, I just
> suggested that if ISP's blocked 135~139 and 445, that life for all of
> us, not just the Windows Users, would be a lot nicer, even if they just
> implemented NAT as the default it would be nicer.
Now we're getting somewhere - we both agree that people running file
sharing without knowing it are the root problem.

But your solution of adding just another layer of complexity and making
life more difficult for everybody isn't the solution. In fact, the
solution has already been found and implemented by Microsoft: Future
versions of Windows (starting with XP SP2 and Win2k3) simply don't
offer as many (or any) services by default, either by being firewalled
or by not installing them by default in the first place. What isn't
there cannot be abused or misconfigured. Old machines will slowly die
out, replaced by new machines with safer default settings.

I know that you want to achieve an instant solution by simply blocking
everything that might be dangerous, but if we'd done that, Microsoft
would never have done the sensible thing (setting safe defaults),
instead they would have relied on ISPs blocking the traffic.

It's really straightforward: If there is a problem, you solve it by
removing the root cause of the problem - not by adding just another
patch, another filter. If you'd install filters against every possible
security hole, Internet access would get quite expensive very fast,
with ISPs having to install massive firewall systems in their backbone
and hiring the people to manage them - all because a software vendor
was too dumb to come up with an OS that had safe defaults. If you start
by filtering out NetBIOS from the Internet, people will next demand
Email filtering to filter out viruses. Next will be compulsory spam
filtering (with just a few percent of false positives, nobody will miss
them...). Next will be mandatory porn filtering unless you install TPM
on your machine to show you are an adult (Think of the children!!1!).
We already have lobbyists telling everybody that filesharing is
illegal, unhealthy and fattening - the last thing the Net needs is yet
another advocate in favour of net-censorship.

Juergen Nieveler
-- A career is a job that takes about 20 more hours a week