Re: Port 119 blocked at work and I want it opened
From: Robert R Kircher, Jr. (rrkircher@hotmail.com)
Date: 11/26/02
From: "Robert R Kircher, Jr." <rrkircher@hotmail.com> Date: Tue, 26 Nov 2002 08:40:02 -0500
Leythos wrote:
> In article <5zFE9.3916$kO5.1797369@news1.news.adelphia.net>,
> davidwnh@adelphia.net says...
>> It's just not the same. The people who control access need to learn
>> how to filter content and access as opposed to blocking ports or
>> services. He could have employed filters with a service that
>> involves fewer abused vulnerabilities than a browser without
>> interrupting the productivity of the end user. Total lack of
>> communication in my book! As an admin you need to find out what the
>> user needs and then work your security around that or explain why
>> compromises or changes "must" be made. And in using a browser in
>> lieu of NNTP with filters has no benefit!
>
> What reason do you need usenet for? I'm just kinda wondering. I
> manage a large WAN and have never had a developer provide me with a
> good reason for opening the ports for usenet traffic.
>
>
> --
Obviously you're not a developer or a help desk person... Let me ask you a
question. While managing that big LAN have you ever gone to the Usenet to
find the solution to a problem? Have you ever had an interactive
conversation with someone in a NG regarding that issue?

The Usenet can be an invaluable RESOURCE in helping resolve issues. The
ability to *discuss* an issue with other people out there in the world who
may have had the same problem is priceless especially in today's world of
pay as you go support. Just because this fellow is manning a help desk
doesn't mean he knows everything, however, someone out there has dealt with
the same or similar issues and just may help this guy solve a problem. Sure
he can search google groups but that doesn't take the place of the
interaction that goes on when you can post and reply to the other people on
the Usenet.

As to why not use web based interfaces, well they suck more than older
terminal based readers. They are very difficult to navigate, slow, and most
importantly impossible to use to track certain threads. Help desk people
need speedy and efficient tools, not slow and cumbersome ones.

I also manage several large networks, support end users, and I come from a
development background and can't think of a good reason *to* close 119 down
across the board. Frankly, I can't think of a good reason to shut down
anything across the board. It's the easy/lazy man's way out... My job
isn't to prevent or make difficult my users' productivity, it's to facilitate
that productivity in a secure manner. That doesn't mean I have to shut down
port 119. What it means is that I have to have clear use policies that are
strictly enforced and/or deal with abuses on a case by case basis.
Impossible you say!!! I say don't be so lazy. You have tools, logs, et al
that when used properly you can isolate abuse quickly and then deal
appropriately.

As to the nasties that could be introduced via NGs, well the way virus and
Trojan authors are going today I think we all ought to just pull our systems
off the internet. That way we wouldn't need to deal with such things... Oh
wait a minute I forgot about floppy drives... Point is we have to deal with
this problem properly anyway and the introduction of NG doesn't change that.
Make sure your AV software is up to date on all your clients and again use
those tools you have to sniff out bad traffic. I haven't had an infestation
traced back to a NG yet. In the meantime I can't keep my users from
opening those "Our pictures of" emails. I guess I should shut down 25, 110,
and 143. That should stop the email viruses...

If you're still insistent that you need to keep 119 shut down, then do your
users a favor and bring up your own News Server. Take requests for public
groups, select the appropriate ones and mirror those groups on your news
server... Oh but that's work again...

Whatever you do *Don't restrict your users from legitimate use of a
resource*... Especially a FREE resource. My advice to this guy is
every time he can't solve an issue and can't access the Usenet, he should
just open up a case with MS and have his company pay the $99 (email support)
or $300+ for phone support. I bet the use policy would change quick when
the bill came in.

HTH

-- Rob