It'll break basic functionality. At least in the Pacific Northwest I haven't run into an open coffee shop wifi (Blenz, McDonalds, Starbucks, Waves Coffee, and a dozen other competitors) that operates a default-deny filter as you describe. In fact it's even possible to torrent through 95% of them without connecting to my VPN.
Even the fast food burger restaurants don't seem to have particularly restrictive firewalls in place on their free wifi (Jack in the Box, Burger King). If the bar owner referenced in the original wants to try to do that, with their own firewall, they can certainly try... But it's not the ISP's responsibility to configure the user's in-premises wifi/"last 20 meters" connection to client devices. Define a hard demarc point at "This is the 100BaseTX port to the WAN of your router, here is your ca5e cable, please let us know if you see any packet loss or downtime". Unless you have some sort of managed services division that charges extra and deals with the hassle of maintaining the end user's firewall/wifi. On Wed, Apr 27, 2016 at 8:10 PM, Ken Hohhof <[email protected]> wrote: > If this is an open WiFi hotspot, why can’t you allow basic web browsing, > POP/IMAP, and SMTP port 587 but not 25, and block everything else? > > I often find that at hotpots I can’t use telnet, SSH, Winbox, etc. > Probably can’t connect to destination port 25 either. Heck, most regular > ISPs block destination port 25. > > Open Internet should not apply to a coffee shop hotspot, I don’t think you > are required to transport anything and everything in that situation. > > > *From:* Eric Kuhnke <[email protected]> > *Sent:* Wednesday, April 27, 2016 8:58 PM > *To:* [email protected] > *Subject:* Re: [AFMUG] abuse reports on customer IPs > > If it is a customer that operates a open public wifi AP like a coffee > shop, bar, restaurant, there is not a lot that you can do. Customer won't > stop running open wifi, people won't stop bringing in infected laptops. No > way to find out who has the infected laptops/devices. > > One possible solution if sufficient ARIN IP space is available is to put > all such customers in their own special swamp netblock as static > assignments. Consider that block forever sullied. > > On Wed, Apr 27, 2016 at 6:54 PM, That One Guy /sarcasm < > [email protected]> wrote: > >> I know its bad practice, I normally enjoy turning customers off, it makes >> me feel godlike and powerful, alot of times when i get to shut one off i go >> upstairs and drag mu woman from her bed by her hair to the kitchen to make >> me a sammich. but for whatever reason i like this customer >> >> On Wed, Apr 27, 2016 at 5:31 PM, Eric Kuhnke <[email protected]> >> wrote: >> >>> Spam and botnet activity is far more harmful to the health of your >>> network and the IP reputation of your netblocks than anything DMCA related. >>> >>> >>> torrents and DMCA notifications don't hurt the network. Knowingly >>> leaving something that is a repository of virii/worms/trojans online is >>> just bad practice. >>> >>> >>> On Wed, Apr 27, 2016 at 7:09 AM, That One Guy /sarcasm < >>> [email protected]> wrote: >>> >>>> We have a particular customer, We have been getting tons of abuse >>>> reports on their static IP, I assume we will never be able to wash this >>>> sullied IP clean. Theyre not really doing any harm to our network, or >>>> impacting others on the network, they are in full breach of our TOS, thats >>>> for sure. suprisingly, its primarily spam and botnet activity, but no DMCA. >>>> >>>> Is there any liability on us as an ISP to not address this >>>> affirmatively with the customer. Im going to contact them, may offer a >>>> leased fortigate UTM option. But if there isnt a resolution, other than >>>> their static IP residing on every blacklist can we get nailed? >>>> >>>> Its a good customer, pays their bill on time, worked with us through a >>>> service issue without the usual "gimme discounts and free shit or im going >>>> elsewhere" I dont want to HAVE to disconnect them if im not required to and >>>> theyre not impacting others if they cant or wont resolve the issues >>>> >>>> -- >>>> If you only see yourself as part of the team but you don't see your >>>> team as part of yourself you have already failed as part of the team. >>>> >>> >>> >> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> > >
