[unisog] no-ip.com etc.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Oct 27 16:09:48 GMT 2003


On Mon, 27 Oct 2003 07:31:28 PST, Ben Curran said:

> > Hmm.. Killing the network, and doing something illegal.  
> 
> They do this all the time. Another reason to minimize exposure.

Best way to minimize your exposure is to not provide access at all.  Is that
what direction you want to go?

> What part of a university's academic mission are we hindering by not allowing ad-hoc 
> student established servers?

What part of the university's mission could you be better serving during the
time you spend dealing with ad-hoc servers that aren't causing a problem for
other reasons such as bandwidth usage or similar?

Remember that for a TCP connection, one end or the other is going to
send a SYN packet.  Sure, you can block ad-hoc servers easily enough by
just stomping all the inbound SYN packets.  But then you manage to break
everything from FTP (if it doesn't use PASV) to irc DCC CHAT to most
programs that have a peer-to-peer feature (including most IM services).

Which I suppose is OK - but at that point, why not just say "your machines can
get to our SMTP and HTTP proxies and that's it" and be done with it?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031027/cfb8f10e/attachment-0003.bin


More information about the unisog mailing list