[Dshield] should ISPs close ports (was: Windows Messenger Popup

Jeff Kell jeff-kell at utc.edu
Tue Jun 24 01:43:48 GMT 2003


A slight variation on the theme... clearly an ISP should not be doing 
any filtering on their own initiative.  To do so would not be providing 
full internet access, as others have pointed out.

However, what about filtering by mutual consent?

Obviously an ISP cannot tailor ACLs for each cable or DSL customer, but 
they could provide some "pre-packaged" filtering by choice.

As a university, we are getting large enough to be considered at least a 
small ISP.  Our ingress (and egress) filters are quite considerable, and
a growing percentage of traffic is chewed away by the filters.  It would 
be nice to have the ingress filter on the other end of the pipe - saving 
us the bandwidth it takes to transmit junk that will be blocked anyway.

The "noise level" (packets blocked at ingress) has been steadily growing 
as long as the internet has, perhaps growing faster than the net itself 
eventually (if not already).

Jeff




More information about the list mailing list