[Dshield] Re: [Full-Disclosure] Port Blocking
rick at jaray.net
Sat Jun 28 02:36:45 GMT 2003
The ISP should just block the ports. If people (business and residential)
need to run web, mail, p2p, mirc, crap, etc. then they should sign legal
binding agreements, in the usa anyway, to be held legally and financially
accountable for there actions.. or lack there of. The ISP could then
throttle the pricing structure for us smaller ISP's to pass on a savings to
our business customers.
It's not a hard concept. Blocking ports is done every second of every day
and usually at the boarder routers. ( the one that directly interfaces with
the ISP )
People don't own the internet - it's a shared world resource that requires
shared world control. There is no way that all the countries would agree
upon the philosophy of having the end user control there computers.. just
won't happen. A sure and sufficient solution, imho, is to block the ports.
A lot of ISP's, in the usa anyway, have and are continuing to block smtp
port 25 for non business paying entities. Most sys admins block ports to
help protect there corporate environments.
I think this topic is over-stressed.. it's a non issue. All respondent
parties have great arguments either way - but without some type of control
the internet is designed to fail.
----- Original Message -----
From: "Bjorn Stromberg" <bjorn at thechemistrylab.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Friday, June 27, 2003 2:39 PM
Subject: Re: [Dshield] Re: [Full-Disclosure] Port Blocking
> "hire a sysadmin to secure their connection or become sufficiently trained
> to do it themselves"
> You say that like it takes some sort of awe-inspiring feat to increase the
> baseline security of a system. Running Windows Update a couple times,
> disabling NetBIOS over tcp/ip and Windows File and Print Sharing. These
> things should be REQUIRED to have your cable or DSL modem set up.
> It's up to the ISPs to be more responsive and responsible for the
> on their network. Reports like those coming from DShield should be acted
> You shouldn't have to pull teeth to get a misconfigured, infected,
> spamming machine unplugged and fixed.
> This is a case where it will require some actual work to do things the
> way. Let's not take the easy way out and just block ports.
> Bjorn Stromberg
> Mid-Continent Testing Laboratories, Inc.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
More information about the list