On Wed, 13 Aug 2003, at 9:41am, [EMAIL PROTECTED] wrote: >> One man's outbound is somebody else's inbound. > > Right, which is why all firewalls come with default rules set to block all > inbound and all outbound traffic.
By default, most products on the market are hideously insecure, and should not be put into production without extensive modifications. "Deny by default" is an acceptable and widely recommended security stance for many organizations. It's not as unreasonable as you make it out to be. However, what firewalls ship with by default really is irrelevant. The discussion was about what ISPs are doing, not what firewall vendors are doing. We were talking about ISPs who are employing filters, either on a permanent or temporary basis, to stop insecure systems being run by unqualified people (i.e., 90% of their customer base) from damaging the public network further. >> Many ISPs are concerned with stopping existing compromises from >> spreading, in addition to stopping inbound attacks. > > I'm sure that's why MSN blocks outbound access on port 25 to any mail > server other than their own. And why a number of smaller ISPs block VPN > access unless you've paid for a "business" account. And this has what, exactly, to do with the discussion? > I have an ISP, not an HSP (http service provider). The I doesn't stand for > 'ports we think you should be able to use'. Read your Terms Of Service. I suspect it actually does say something to that effect. ISPs have an obligation and a necessity to protect their operations from attack. You do not own your ISP's network, your ISP does. -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
