Blocking ports 137-139 is of great benefit to the vast majority of their
customers. It is also of benefit to ATT, as it cuts down on support
calls. Of course, documenting this would be good.
- Daniel Golding
On Sun, 27 Oct 2002, Joe wrote:
I Second that.
ATT blocks ports (depending where
Wow! They just don't count subscribers:).
I realize one way makes more sense from a we've got more subscribers than
you do sense but it wouldn't be that hard to count real subscribers one
wouldn't think.
On Mon, 28 Oct 2002 [EMAIL PROTECTED] wrote:
In a public press release dated August,
On Mon, 28 Oct 2002 11:05:44 EST, [EMAIL PROTECTED] said:
They take a total revenue that's somehow gets associated with selling cable
and divide it by the price of the basic cable. The resulting number is the
number of subscribers that they claim to have.
This of course is perfectly fine, as
Sean,
At Home's policy was that servers were administratively forbidden. It
ran proactive port scans to detect them (which of course were subject to
firewall ACLs) and actioned them under a complex and changing rule set.
It frequently left enforcement to the local partner depending on
On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote:
Sean,
At Home's policy was that servers were administratively forbidden. It
ran proactive port scans to detect them (which of course were subject to
firewall ACLs) and actioned them under a complex and changing rule set.
It
Not really
On Sun, 27 Oct 2002, Matthew S. Hallacy wrote:
On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote:
Sean,
At Home's policy was that servers were administratively forbidden. It
ran proactive port scans to detect them (which of course were subject to
actually with the merger of Att and comcast most cable inet customers
will be through them.
Joseph Barnhart wrote:
Not really
On Sun, 27 Oct 2002, Matthew S. Hallacy wrote:
On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote:
Sean,
At Home's policy was that servers were
On Sun, Oct 27, 2002 at 07:42:10PM -0600, Matthew S. Hallacy wrote:
And they block port 80 inbound TCP further out in their network. Overall,
cable providers more heavily than cable providers.
^-- s/cable/DSL/;
--
Matthew S. Hallacy
I Second that.
ATT blocks ports (depending where you are) but won't come
right out and say it. On a call to them over a year ago
while testing DSL versus Cable in San Jose, it took almost an hour to get
them to admit that they were blocking ports 137-139, and even then there
was no formal
At 09:03 PM 10/27/2002 -0500, William Warren wrote:
actually with the merger of Att and comcast most cable inet customers
will be through them.
Until that happens however:
In a public press release dated August, they claim to have 1.8 million
Internet customers. How that compares to the
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-nanog;merit.edu] On
Behalf Of Christopher Schulte
Sent: October 27, 2002 9:22 PM
To: William Warren; [EMAIL PROTECTED]
Subject: Re: How to secure the Internet in three easy steps
In a public press release dated August,
On Fri, 25 Oct 2002, Paul Vixie wrote:
money. this whole thing is really about money. but 1 isn't getting
done because the money that could be saved is by ISP B whereas the
money which must be spent is by ISP A. so, the nondeployment of BCP38
is all about money, too.
As the other Sean
Source address validation, or more generally anti-spoofing filters, do
not require providers maintain logs, perform content inspection or
install firewalls. But source address validation won't stop attacks,
viruses, child porn, terrorists, gambling, music sharing or any other
evil that
At 13:14 -0400 10/25/02, Sean Donelan wrote:
Are there some down-sides? Sure. But who really needs the end-to-end
principle or uncontrolled innovation.
The context of the above is, of course, sarcastic. But it reminded
me of a quote that once appeared on mailing list that is germane to
Assuming no time, money, people, etc resource constraints; securing the
Internet is pretty simple.
1. Require all providers install and manage firewalls on all subscriber
connections enforcing source address validation.
2. Prohibit subscribers from running services on their own machines.
On 25 Oct 2002, Paul Vixie wrote:
1. Require all providers install and manage firewalls on all subscriber
connections enforcing source address validation.
i can see how the end to end principle applies in cases 2 and 3, but not 1.
I didn't make any of these up. They've all been proposed
1. Require all providers install and manage firewalls on all subscriber
connections enforcing source address validation.
i can see how the end to end principle applies in cases 2 and 3, but not 1.
I didn't make any of these up. They've all been proposed by serious,
well-meaning
i don't believe that 2 or 3 will ever happen, for simple market reasons --
it is harder to make money if you do 2 or 3. however, 1 only costs a
small
bit of ops expense, and has no market impact at all, so it's practical in
simple economic terms.
Not only that, but unless _everyone_
Sameer R. Manek wrote:
Paul Vixie wrote:
Sean Donelan wrote:
I didn't make any of these up. They've all been proposed by serious,
well-meaning people.
i recommend caution with your choice of words. apparently not everyone
treats well meaning as the compliement that it is.
This seems to be a catch-22; no one will implement these for the good of the
net because it costs money, and ignorant competitors that don't implement
them will not share in that expense. Have any such ideas been implemented
in the modern internet? How?
Not to mention that 2 or 3 wouldn´t
On Fri, 25 Oct 2002, Sean Donelan wrote:
:Assuming no time, money, people, etc resource constraints; securing the
:Internet is pretty simple.
Assuming you are referring to securing as the balance of the holy
triuvirate of Confidentiality, Integrity and Availability, there
are other options
On Fri, 25 Oct 2002, Paul Vixie wrote:
Not only that, but unless _everyone_ implements 2 and/or 3, all the bad
people that exploit the things these are meant to protect will migrate to
the networks that lack these measures, mitigating the benefits.
not just the bad people. all the
Actually, I'm not certain but athome didn't seem to proxy or block
anything. I ran my home linux box off at home for a while and never had
any problem with any ports including http and mail. Also, it seems to me
that I tried something similar for a goof with an aol dialup and it worked
as well.
On Fri, 25 Oct 2002, Sean Donelan wrote:
:Many corporate networks already proxy all their user's traffic, and
:prohibit direct connections through the corporate firewalls.
:
:I think its a bad idea, but techincally I have a hard time saying its
:technically impossible.
Well, it is also
not just the bad people. all the people. a network with 2 or 3 in place
is useless. there is no way to make 2 or 3 happen.
As part of their anti-spam efforts, several providers block SMTP port
25, and force their subscribers to only use that provider's SMTP
relay/proxy to send mail.
batz == batz [EMAIL PROTECTED] writes:
batz Assuming you are referring to securing as the balance of the
batz holy triuvirate of Confidentiality, Integrity and Availability,
batz there are other options than the modest proposals you made.
batz The ISP doesn't have to manage the firewall, but
26 matches
Mail list logo