Should ISPs Be The Little Man's Firewall?
Anonymous Coward writes "In a paper published today, the point is made that ISPs should filter some ports (e.g. 135) for good. I guess given what everyone sees hitting their various firewalls these days, this may make sense. But wasn't the Internet supposed to be 'open' at one point? Or are we to the point where Internet=Web (and maybe AIM)? The author of the paper is operating DShield and I guess has some insight into this issue. He made the same points before on various mailing lists."
Internet Service Providers: The Little Man's Firewall
Ullrich, Ph.D.
SANS Institute

The fast spread of network worms and other [...] has forced Internet Service Providers (ISPs) into implementing packet filtering. In some cases, this is the only way to keep the network operating. But it has become common to block certain ports permanently, even as the threat diminishes. We argue in favor of limited long term port blocking. This paper does not intend to present a balanced argument. It intends to provide a starting point for a larger discussion of the issue.

Introduction

A large percentage of malicious traffic is focused on a small number of vulnerabilities and their associated ports [1]. Blocking some of these ports will isolate infected machines and slow the spread of malicious autonomous code such as worms. However, the vulnerable services used by these worms do have legitimate uses. If secured properly, they can be used without the risk of infection. In this paper, we focus on ISPs that provide Internet access to consumers. This paper assumes that a consumer is a home user or a small business without dedicated IT staff. This paper does not apply to backbone infrastructure providers or co-location providers.

In part of this paper, we argue for blocking ports commonly used for Microsoft file sharing and related services, specifically ports 135, 137, 139 and 445. These ports, and in particular Microsoft file sharing, draw a lot of attention from [...] authors.

Arguments

1. Port blocking does not restrict valid [...]
The ports referenced previously (135, 137, 139 and 445) are used by Microsoft file sharing and various other Microsoft-specific services. However, Microsoft does not recommend use of these services across a public network, and in fact Microsoft advocates blocking traffic on these ports as a best practice. [2]

2. Blocking ports does not prevent innovation
A common argument against port blocking is that such a practice, if implemented widely, can reduce innovation. New applications cannot be developed if ports are blocked that could otherwise be used by these applications. However, ports 135, 137, 139 and 445 are already reserved for widely used applications [3]. As a result, new applications should not use these ports even if they are open for use.

[1] http://isc.sans.org/top10.html
[2] http://www.microsoft.com/serviceproviders/columns/isp_security.asp

1. ISPs are not responsible for end user equipment
Although ISPs cannot fix bugs or patch customer systems, they are able to limit the impact of unpatched, buggy software. Blocking these ports will do more than protect end user equipment. Exploited machines are frequently used to launch distributed denial of service (DDoS) attacks or to host high traffic "warez" sites [4]. End user systems used for DDoS attacks, as well as "warez" sites, create significant traffic. This traffic may be sufficient to overwhelm ISP-owned infrastructure, and it will impact other customers of this ISP.

3. Exploited machines impact other customers
If a customer chooses not to patch a system and as a result is infected with a worm or hacked, it is up to this customer to clean up. However, other customers may be impacted due to the high use of bandwidth caused by the infected customer [5]. In addition, many recent worms prefer to scan the local network [6]. As a result, customers of ISPs with many infected systems will see more malicious traffic.

4. Blocking ports allows ISPs to focus on other problems
Port filters are not perfect. In particular, the limited filters discussed here leave plenty of room for other vulnerabilities. However, these ports account for a large percentage of malicious activity. While a simple fix
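An added example, not from the paper or from any poster in this thread: a sketch of how an ISP could measure what a filter on the Microsoft file sharing ports would catch at its consumer edge, and which customer hosts look infected because they probe many distinct addresses on those ports. The log format, the customer prefix 198.51.100.0/24 and the threshold of three targets are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

BLOCKED_PORTS = {135, 137, 139, 445}                    # Microsoft file sharing ports
CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")  # assumed consumer prefix

# Constructed edge flow log, one flow per line: "<src> <dst> <proto> <dport>"
SAMPLE_LOG = """\
198.51.100.7 203.0.113.10 tcp 445
198.51.100.7 203.0.113.11 tcp 445
198.51.100.7 203.0.113.12 tcp 135
198.51.100.7 198.51.100.20 tcp 445
198.51.100.9 203.0.113.50 tcp 80
192.0.2.44 198.51.100.20 tcp 139
192.0.2.44 198.51.100.21 udp 137
198.51.100.30 203.0.113.80 tcp 445
"""

def parse(log):
    """Yield (src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield (ipaddress.ip_address(parts[0]),
                   ipaddress.ip_address(parts[1]), parts[2], int(parts[3]))
        except ValueError:
            continue  # not a valid IP address

def analyse(log, min_targets=3):
    """Return (filtered flows, total flows, share, suspect customer hosts)."""
    total = hits = 0
    targets = defaultdict(set)  # customer source -> distinct destinations probed
    for src, dst, _proto, dport in parse(log):
        total += 1
        if dport not in BLOCKED_PORTS:
            continue
        hits += 1
        if src in CUSTOMER_NET:  # outbound or customer-to-customer probe
            targets[src].add(dst)
    share = hits / total if total else 0.0
    suspects = sorted(str(s) for s, d in targets.items() if len(d) >= min_targets)
    return hits, total, share, suspects

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A single flow to port 445 from one customer is not flagged; only hosts fanning out to several destinations are, which matches the scanning behaviour the paper attributes to worms.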
Costs less? Are you kidding? They'd price it higher than the ports-closed standard account because it's "Advanced." Kinda like the phone company charging extra for touch tone over pulse, even though it takes more equipment (nowadays) to handle pulse dialing.
for f***ing up the Internet. It's another case of MS's total disregard for the commons, and their unwillingness to acknowledge the fiduciary responsibility that goes with having a monopoly.
Those port blockages (except for maybe 25) are workarounds for ridiculous MSFT security bugs. The proposal is that ISPs install blocks to work around the bugs. Shouldn't MSFT clean up its own mess?
"designed with all the intelligence at the ends"
Unfortunately they forgot to factor in the general public, MS, IE and OE.
Go permanent? In your dreams and my worst nightmares.
XD