[Dshield] Re: [Full-Disclosure] Port Blocking

Darren Gasser kaos at earthlink.net
Fri Jun 27 17:48:45 GMT 2003

Mrcorp wrote:
> The second thought is, what if ISPs were like cable companies.  What
> if they only allowed specific ports (like channels) that they seem
> appropriate to their users???

I don't think using the term "ISP" as a homogenous description is very
useful these days.

I'd agree that best practice for consumer-grade dialup, cable, and DSL
providers would be to block the hell out of the commonly abused ports like
outbound SMTP, inbound HTTP, and the ones used by well-known Trojans.
There's currently no reliable way of making your typical point 'n drool end
user secure their own connection, so the only responsible choice is for the
ISP to make that part of their service.

On the other hand, this isn't an option for commercial transit or hosting
providers whose customers often need these ports open, and where the end
user should be liable for ensuring they have the minimal level of technical
competence to run securely.  However, the ISP still has the duty to monitor
their network (through abuse reporting accounts, exploit scans, traffic
analysis, etc.) to ensure that their customers aren't causing problems
either maliciously or through incompetence.
