[Dshield] ISP Responsibility...
josh at raintreeinc.com
Sat Aug 20 16:33:56 GMT 2005
Craig Webster wrote:
> While in most cases I agree that they shouldn't be blocking ports -
> especially not a blanket "these ports are blocked now and forever"
> block - I believe that the ISP should have the option of closing the
> ports for a limited time during extreme worm / storm / etc activity.
In this same vein, I seem to remember reading that one of the things
that helped stop... was it Slammer, or perhaps Nachia? Anyway, ISP
response was crucial to controlling the worm.
It seems reasonable that an ISP should execute varying levels of control
on their various clients. For instance, higher-end business customers
should (though in many cases probably don't) have proper expertise to
handle their own traffic, and an ISP should allow all traffic for
business-level customers. On the other hand, home users, who wouldn't
have a clue either way, can reasonably have a tighter layer of control
imposed upon them. One simple rule may be that addresses in the ISP's
DHCP pools can't send traffic on port 25 to anything but the ISP's mail
servers -- many do this already. I don't advocate ISPs being required to
create more complex sorts of firewall rules, if only because their
hardware might easily be overtaxed, but simply blocking ports in most
cases shouldn't overwhelm existing infrastructure, and can and does go a
long way to stopping Internet plagues like spam and worms.
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033
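The one concrete rule in the message above is "addresses in the ISP's DHCP pools can't send traffic on port 25 to anything but the ISP's mail servers". As an added illustration (not part of Josh's post or the list archive), the block below models that egress policy as a decision function, checks it against a few constructed flows, and renders the same policy as iptables rules; the pool ranges, relay addresses and sample flows are assumptions chosen for the example.

```python
import ipaddress

# Constructed addressing (assumption, not from the post): the ISP's dynamic
# customer pools and its own outbound mail relays. Business customers on
# static addresses fall outside the pools and are therefore unrestricted.
DHCP_POOLS = [ipaddress.ip_network("10.20.0.0/16"),
              ipaddress.ip_network("10.21.0.0/16")]
MAIL_SERVERS = {ipaddress.ip_address("192.0.2.25"),
                ipaddress.ip_address("192.0.2.26")}
SMTP_PORT = 25


def in_dhcp_pool(addr):
    """True when the address belongs to one of the dynamic customer pools."""
    return any(addr in pool for pool in DHCP_POOLS)


def decide(src, dst, dport):
    """Return 'drop' for SMTP from a pool address to anything but the ISP's
    own relays; every other flow (other ports, static customers) is allowed."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != SMTP_PORT or not in_dhcp_pool(src_ip):
        return "allow"
    return "allow" if dst_ip in MAIL_SERVERS else "drop"


def iptables_rules():
    """Render the policy as FORWARD-chain rules: accept SMTP to the relays
    first, then log and drop any other SMTP leaving the dynamic pools. The
    LOG rule gives the abuse desk a list of likely infected or spamming hosts."""
    rules = [f"iptables -A FORWARD -p tcp --dport 25 -d {relay} -j ACCEPT"
             for relay in sorted(MAIL_SERVERS, key=int)]
    for pool in DHCP_POOLS:
        rules.append(f"iptables -A FORWARD -p tcp --dport 25 -s {pool} "
                     f"-j LOG --log-prefix 'SMTP-EGRESS '")
        rules.append(f"iptables -A FORWARD -p tcp --dport 25 -s {pool} -j DROP")
    return rules


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.20.5.7", "192.0.2.25", 25),      # pool host -> ISP relay: allowed
    ("10.20.5.7", "198.51.100.9", 25),    # pool host -> foreign MX: dropped
    ("10.21.200.1", "198.51.100.9", 80),  # pool host, web traffic: allowed
    ("203.0.113.4", "198.51.100.9", 25),  # static business address: allowed
    ("10.21.200.1", "192.0.2.26", 25),    # pool host -> second relay: allowed
    ("10.20.5.8", "203.0.113.50", 25),    # pool host -> random host: dropped
]


def summarize(flows):
    """Count verdicts over a list of flows."""
    counts = {"allow": 0, "drop": 0}
    for src, dst, dport in flows:
        counts[decide(src, dst, dport)] += 1
    return counts
```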