[Dshield] ISP Responsibility...

Josh Tolley josh at raintreeinc.com
Sat Aug 20 16:33:56 GMT 2005


Craig Webster wrote:
> While in most cases I agree that they shouldn't be blocking ports -  
> especially not a blanket "these ports are blocked now and forever"  
> block - I believe that the ISP should have the option of closing the  
> ports for a limited time during extreme worm / storm / etc activity.  

In this same vein, I seem to remember reading that one of the things 
that helped stop... was it Slammer, or perhaps Nachia? Anyway, ISP 
response was crucial to controlling the worm.

It seems reasonable that an ISP should execute varying levels of control 
on their various clients. For instance, higher-end business customers 
should (though in many cases probably don't) have proper expertise to 
handle their own traffic, and an ISP should allow all traffic for 
business-level customers. On the other hand, home users, who wouldn't 
have a clue either way, can reasonably have a tighter layer of control 
imposed upon them. One simple rule may be that addresses in the ISP's 
DHCP pools can't send traffic on port 25 to anything but the ISP's mail 
servers -- many do this already. I don't advocate ISPs being required to 
create more complex sorts of firewall rules, if only because their 
hardware might easily be overtaxed, but simply blocking ports in most 
cases shouldn't overwhelm existing infrastructure, and can and does go a 
long way to stopping Internet plagues like spam and worms.

Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033

