[Dshield] paper about port blocking

Jonathan Rickman jonathan at xcorps.net
Wed Sep 3 21:13:18 GMT 2003

On Wednesday 03 September 2003 16:51, Johannes Ullrich wrote:

> So if someone DOSs your computer, do you expect the ISP at the origin to
> step in? I do believe that any port blocking should be clearly spelled
> out in the respective ISP's AUP. Problems arise if ports are blocked
> without notifying customers.

That's an interesting argument. I do agree that in times of major activity, 
ISPs should reserve the right to do whatever it takes to keep their 
customers online and happy. However, this should be on an as-needed basis, 
and IMO should be temporary. Now it could be argued that threats to some 
services (in particular the ones you mention) are a constant, and should be 
filtered indefinitely. You do in fact make a very strong argument for that. 
But my gut instinct tells me that this would be the start of a rapid 
descent down a slippery slope and I am not willing to accept it. You guys 
will just have to drag me over the edge kicking and screaming. :)

Jonathan Rickman
X Corps Security

