Felix Rauch wrote:
What if providers would block access from the outside to the ports most often used by viri, worms, script kiddies and spammers? Wouldn't
So all the 65536 ports soon will be blocked.
In the beginning of this year I had the chance to analyze several hacked windows computers, every one looked different, but sometimes the same tools were installed (like Serv-U ftpd) which were listening on different ports, but surley not on the default one. Some of this computers were hacked through standard MS-RCP or NetBIOS which on our network (the same network you are connected to at your work place) are blocked at the border router.
If you block the ports from viruses, which sometimes also use ports of legitimate services some customers won't really like you.
that help to stop many of the problems we (users) currently have (viri and spammers abusing "open" home machines)?
How do you want to protect the customers of an ISP from each other?
For example, I know about a corporate network (secured with a very restriced firewall) with around 4000 computers were they had also to fight against Blaster/Lovsan.
So this tells me, that the security has to be done at each host (eg. install security updates, don't run unnecessary services), anything else won't work and is only a placebo.
Of course it's important to remember the following two points: - Transparency: it should be very clearly stated *what* is blocked. - Openness: customers have the choice to turn off (or reconfigure) the filtering.
I would like to have it open, because i know how many supportcalls it gets, if anything is blocked. For example customers can't receive there emails because the personal firewall is blocking it, when the ip address of the mailserver has changed, but in the first place the question from the customer is about a problem with the mailserver.
With such a setup, the customers which don't know anything about the internet would be at least somewhat safer (depending on the implementation of the filtering), while the power users (which are able to maintain their machines) could have full internet access without filtering.
As I said, it is only a placebo, the customers feels safe and start every attachment which they get with email, and he does not need a virus scanner (save money!) on his computer, because "the ISP is doing the filtering", cool eh?
Similar like the person yesterday at Kassensturz said about the Cablecom modem which schould have had some protection in it. He did not ask, but he did just assume it was this way. I still can not belief that people are really this naive, but probably I'm already to deep in this dump. :)
A very clever version of a virus was reported to us today, which get past the up to date virus scanner on the mailserver, because it can not be scanned (password protected .zip): http://nic.phys.ethz.ch/news/1078306920/index_html
So also the responsibility of the user / admin on a computer is important, for example do not work with root / admin privileges, don't start programs which are sent to you, and so on.
If you want secure Internet there is a throttle like this (thx to Venty):
/\
usability |-----------------||----------------| security
\/
Adjust it as needed, eg with 100% security the internet can not be used anymore (disconnect your computer). Anything else is not possible.
bye Fabian ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
