On Thu, Oct 16, 2003 at 10:18:51AM +0200, Pascal Gloor wrote:
> Hi folks,
>
> Considering those facts:
>
> - the growing number of worms and any other form of harmful virus.
> - that IP is a powerful tool.
> - the growing bandwidth usable for end-users.
> - the need for business customers to have stable and reliable internet
>   access.
>
> Today we're perhaps offering our customer a too powerful tool. Most (let's
> say 80 or 90%) of our "mass" customers only use smtp/pop3/imap/http/https.
>
> Is it still appropriate to give to "mass" customers ability to generate any
> kind of communication using IP?
> What about blocking TCP_SYN _TO_ dial/adsl (non-business) customers?
> Should we even think about blocking some kind of outgoing traffic?
>
> I'm not asking this on a technical point of view, but more on a
> philosophical point of view.
>
> Ideas?

Bad idea, really bad idea.

a) you break a lot of protocols by blocking TCP_SYN to dial/adsl customers
   (e.g. ftp).
b) Using a NAT router blocks all not allowed TCP_SYN on the customer side.
   Cable and cheapo adsl-modems need a firewall anyway.
c) blocking outgoing traffic won't help you at all. Even p2p clients start
   using port 80 for traffic and I hope you don't even consider blocking
   this port.

--
:wq Claudio
----------------------------------------------
[EMAIL PROTECTED]
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
