Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should ISPs Be The Little Man's Firewall?

Posted by timothy on from the then-the-spammers-have-won dept.

Anonymous Coward writes "In a paper published today, the point is made that ISPs should filter some ports (e.g. 135) for good. I guess given what everyone sees hitting their various firewalls these days, this may make sense. But wasn't the Internet supposed to be 'open' at one point? Or are we to the point where Internet=Web (and maybe AIM). The author of the paper is operating DShield and I guess has some insight into this issue. He made the same points before on various mailing lists."

3 of 790 comments (clear)

  1. Power users should be able to opt-out by Plix · · Score: 5, Interesting

    While I agree with the point I think that power users should be allowed to call up the ISP (maybe even at initial sign-up) and be allowed to request that the ports remain unblocked. Otherwise, the internet *will* become just the web and AIM for everyone if they like it or not.

  2. Absolutely by nickd · · Score: 5, Interesting

    This is another case of where techies do not think about things from the customers point of view. Of course most slashdotters will want their ports open - the customers on the other hand dont know what a firewall is, what the implications of their ports are etc - quite frankly they shouldnt need to.

    Filter by default - if you need your ports or you want to do your own firewalling then get the "advanced user" account that costs less but requires more responsibility from the user.

    If anything this is just an opportunity for ISP's to make another value added service to sell.

  3. A NZ telco provides self managed virtual firewalls by Anonymous Coward · · Score: 5, Interesting

    Telecom New Zealand currently offers its business customers a service that allows the customer to configure their own VFW (Virtual FireWall). Changes made to the config of the customers VFW via a https web server are immediately sent to the firewall (inside the Telecom network). While the customer does not have the ability to change the outgoing NAT address of the VFW most other options one would expect from a firewall sitting in the office are available such as; selecting Src/Dst IP, Protocol, Src/Dst ports etc. Incoming services such as customer managed web servers etc. can be set up by the customer though this does require you to pay for an "extra" Public IP address. The firewall follows state and is designed to support large numbers of unique customer networks with overlapping private address space. All in all its a very sexy thing. Sadly there isn't much technical detail on how the system works but the sales blurb makes for interesting reading. http://www.telecom.co.nz/securebusinessinternet/