Should ISPs Be The Little Man's Firewall?
Anonymous Coward writes "In a paper published today, the point is made that ISPs should filter some ports (e.g. 135) for good. I guess given what everyone sees hitting their various firewalls these days, this may make sense. But wasn't the Internet supposed to be 'open' at one point? Or are we to the point where Internet=Web (and maybe AIM)? The author of the paper is operating DShield and I guess has some insight into this issue. He made the same points before on various mailing lists."
relies on me to find the latest viruses/worms that are going to pound the bandwidth, get their port numbers, and set up ACLs accordingly. Not only do the customers like it, it gives us more time to patch our hundreds of machines, and decreases our incoming bandwidth.
Overall, I help stop another hundred thousand or so Win32 users from pounding the net to death. I don't see how anyone could see this as a bad thing. (welcome input)
Get paid to code OSS
I disagree. It should be OPT-OUT. The idea is to protect the clueless, and the rest of the net FROM the clueless.
If you know anything about opening a port, then you are ahead of 99% of those connected, and know what you are doing. Thus, you can opt out.
This wouldn't prevent you from using blocked ports.
It would be, by far, less of an inconvenience than the shit that goes on now with everything wide open.
Learning HOW to think is more important than learning WHAT to think.
Err, can we clarify this?
If everyone is subscribed by default, it's opt-out.
Opt-in means you don't have it until you ask.
The word you mean is opt, not opt-in, not opt-out. You opt to get the service in opt-in. And you opt out of the service, in opt-out.
Spam right now is "opt-out": you get it until you sue the spammer. Software development mailing lists are opt-in: you have to confirm you want it before they give it to you.
And another thing: knowing the profit margins of local ISPs, don't expect firewalling to be free. That's kinda good, if they make it an "option", say 1-2$/month/IP protected. That would make some larger providers happy too; they want you to pay more the more machines you have. (NAT, of course, covers that, but that is a firewall function, isn't it?)
Case in point: I was not affected at all by Sobig.F directly; however, I did see my mail gateways come under incredible load, my IDSs fill DBs with Sobig warnings, and my users encounter endless confusion at bouncebacks from dumb virus scanners that claim we are infected, since Sobig is an SMTP forger. Sobig wasted a lot of my resources and time even though it didn't infect a single one of my 1700+ users. It was rather benign, though; I'm afraid of what comes next.
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
Some people like my dad just want to use the internet, and they don't care how it works, they pay money for an ISP and they expect them to make it work.
James
is that it costs real money to block ports. ISPs have big routers and the CPU cycles of those routers are expensive. Blocking ports takes additional CPU cycles, so ISPs need to have a strong business reason to start blocking.
The real "Libtards" are the Libertarians!
you know that POP3 can preview messages (using "top msgnum no_lines") and delete with the command "dele msgnum".
So you don't have to download all the files to delete them; POP3 has features in place. You just need a decent mail reader or telnet to use the functionality (some MUAs do implement a kind of preview before download).
Oh, and by the way: Even before I opted out of their firewall, I could play pretty much all online games (but not host). So I suppose very few people will even notice they have the firewall.
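The TOP/DELE workflow from the POP3 comment above, as an added example that is not part of any poster's comment: it previews each message's headers with TOP and issues DELE only for the ones a filter flags. The filter heuristic, the `FakePOP3` stand-in and the sample messages are constructed assumptions; `list`, `top` and `dele` are the method names of Python's `poplib.POP3`.

```python
import email
from email import policy

def preview(conn, msgnum, body_lines=0):
    # TOP <msgnum> <n>: headers plus n body lines, no full RETR download.
    _resp, lines, _octets = conn.top(msgnum, body_lines)
    return email.message_from_bytes(b"\r\n".join(lines), policy=policy.default)

def looks_like_scanner_bounce(msg):
    # Hypothetical heuristic; tune it to the notices your own mailbox receives.
    subject = str(msg["Subject"] or "").lower()
    sender = str(msg["From"] or "").lower()
    return "virus" in subject and ("mailer-daemon" in sender or "postmaster" in sender)

def purge(conn, should_delete, dry_run=True):
    # Walk LIST, preview each message with TOP, DELE the ones flagged.
    _resp, listing, _octets = conn.list()
    flagged = []
    for entry in listing:
        msgnum = int(entry.split()[0])
        msg = preview(conn, msgnum)
        if should_delete(msg):
            flagged.append((msgnum, str(msg["Subject"])))
            if not dry_run:
                conn.dele(msgnum)  # only marked; the server removes it at QUIT
    return flagged

class FakePOP3:
    # Constructed stand-in exposing the poplib.POP3 methods used above.
    def __init__(self, raw_messages):
        self.msgs = dict(enumerate(raw_messages, start=1))
        self.deleted = set()
    def list(self):
        items = [b"%d %d" % (n, len(m)) for n, m in self.msgs.items()]
        return b"+OK", items, 0
    def top(self, which, howmuch):
        head, _, body = self.msgs[which].partition(b"\r\n\r\n")
        lines = head.split(b"\r\n") + [b""] + body.split(b"\r\n")[:howmuch]
        return b"+OK", lines, 0
    def dele(self, which):
        self.deleted.add(which)
        return b"+OK"

SAMPLE = [  # constructed messages
    b"From: MAILER-DAEMON@mx.example.net\r\nSubject: Virus found in your message\r\n\r\nbody",
    b"From: alice@example.org\r\nSubject: Lunch on Friday?\r\n\r\nSee you at noon",
]

if __name__ == "__main__":
    box = FakePOP3(SAMPLE)
    print(purge(box, looks_like_scanner_bounce, dry_run=False), box.deleted)
```

Against a real mailbox, pass a logged-in `poplib.POP3_SSL` object instead of `FakePOP3` and call `quit()` afterwards; TOP is an optional command in RFC 1939, so a server may reject it, and an RSET before QUIT unmarks every pending deletion.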