Pascal Gloor wrote: > > > Why Access Carriers and also Transit Carriers not block all the RPC Ports > on ther Access Routers ? > > because some of us (swiss ISPs) think the user has the right to have full > internet access (ie not blocking anything).
Agreed. Or maybe some ISPs could do (even cheaper) Internet with just Port 80 and 110 open for Web and Email. Who needs more anyway? > Personally I think the average user is not able to secure his Windows and > will be infected in ANY case. See, the other day I have reinstalled a PC, > Windows XP. I had the bad idea to have it pluged to the internet without > being behind a nat or so. Guess, once the box was installed and all the > patches applied (~120Mbytes), my PC was already infected by 3 viruses and 2 > trojans. XP is bad... > I think we should filter some well known " unsecure ports", as 135-139 and > 445 and so we do. No user complained so far. But you do it at the edge. Doing it in the core doesn't help that much because then the users within your network can still infect each other. If you do any kind of filtering please document it properly and publically so when some poor support guy is trying to find out why this-and-that ain't working here but there isn't left out in the dark. > If a user really wants to do "whatever microsoft sharing" over the internet, > we will tell him to use pptp or anything else he could use to have a > 'minimum' of security. -- Andre ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
