Slashdot Mirror


Should ISPs Be The Little Man's Firewall?

Anonymous Coward writes "In a paper published today, the point is made that ISPs should filter some ports (e.g. 135) for good. I guess given what everyone sees hitting their various firewalls these days, this may make sense. But wasn't the Internet supposed to be 'open' at one point? Or are we to the point where Internet=Web (and maybe AIM). The author of the paper is operating DShield and I guess has some insight into this issue. He made the same points before on various mailing lists."

7 of 790 comments (clear)

  1. HELP ME! I'M TURNING INTO A GOAT by Anonymous Coward · · Score: -1, Troll

    Please help me! I fucked the goatman yesterday and this morning I woke up to find I had gray fur all over my body. Already my hands and feet are turning into hooves, so I can barely type this. If someone doesn't help me fast I think I may bec -- BAAAHH! BAAAH!! g 90 90 ajg0b j ojjoijow wv jba

  2. Article Text ..... In (Steve)Case of /.ing by Anonymous Coward · · Score: -1, Troll

    INT3RN3T SERVIEC PROVIEDRS DA LITLA MANS O??!??! WTF LOL ULRICH PHD
    SANS1!!!11 WTF INSTITUTE TEH!11!1 LOL FAST SPREAD OF NETWORK WORMS AND OTH3R R HAS FORCAD
    INTARN3T SERVIEC PROVIEDRS (ISPS) IN2 IMPL3MENTNG PAKET FILTERNG
    IN!!111 LOL SOME CAESS THIS IS TEH ONLY WAY 2 KEP TEH N3TWORK OP3RATNG BUT
    IT HAS BCOME COMON 2 BLOK CERTANE PORTS PARMAENNTLY AVEN DA THRAAT DIMINISHES1!!1!1 OMG LOL WA ARGU3 IN FAVOR OF LIMIETD LONG T3RM PORT
    BLOKNG1!!!111 WTF THIS PAEPR DO3S NOT INT3ND 2 PR3SENT A BALANC3D ARGUMENT
    IT!!111!1 OMG INTANDS 2 PROVIED A STARTNG POINT FOR A LARGAR DISCUSION OF THA
    ISUA
    INTRODUCTION
    A!!1111!1 LOL LARGE PARCANTAEG OF MALICIOUS TRAFIC IS FOCUS3D ON A SMAL NUMBR OF
    VULNERABILITEIS AND THERE ASOCIAETD PORTS[1]!!1!1!!! BLOKNG SOME OF TH3SA PORTS WIL ISOLAET
    INFECT3D MACHIENS AND SLOW DA SPR3AD OF MALICIOUS AU2NOMOUS CODE SUCH AS WORMS
    HOWEV3R1!!1! OMG DA VULN3RABLA SERVIECS USAD BY THESA WORMS DO HAEV LAGITIMAET USES!!11!!1! WTF IF
    SACURAD PROPERLY THEY CAN B US3D WITHOUT DA RISK OF INFACTION!!!! IN THIS PAEPR WA FOCUS
    ON ISPS TAHT PROVIED INT3RNET ACAS 2 CONSUMERS1!111! OMG WTF LOL THIS PAEPR ASUMAS TAHT A CONSUMER IS
    A HOM3 USAR OR A SMAL BUSIENS WITHOUT DEDICAETD IT STAF1!!11 OMG WTF LOL THIS PAEPR DOES NOT APLY 2
    BAKBONE INFRASTRUCTURE PROVIEDRS OR CO-LOCATION PROVIEDRS
    IN!!1!!! LOL PART OF THIS PAEPR WE ARGUE FOR BLOKNG PORTS COMONLY USED FOR MICROSOFT FIEL
    SHARNG AND RELAETD S3RVIECS SPECIFICALY PORTS 135 137 139 AND 45!!1!!!11 WTF LOL THESE PORTS AND
    IN PARTICULAR MICROSOFT FIEL SHARNG DRAW A LOT OF AT3NTION FROM R AUTHORS
    ARGUMANTS
    1PORT!1111!11 LOL BLOKNG DOAS NOT RESTRICT VALID DA1!!! OMG PORTS LISTED RAF3R3NCED PREVIOUSLY (135 137 139 AND 45) R USED BY
    MICROSOFT FIEL SHARNG AND VARIOUS OTHER MICROSOFT-SPECIFIC SERVIECS!111! OMG WTF HOWAV3R
    MICROSOFT DOES NOT R3COM3ND USA OF THESE SARVIECS ACROS A PUBLIC NETWORK AND IN FACT
    MICROSOFT ADVOCAETS BLOKNG TRAFIC ON TH3S3 PORTS AS A BST PRACTIEC!1111 WTF [2]
    2BLOKNG1111 LOL PORTS DOES NOT PRAVANT INOVATION
    A!!!! COMON ARGUMENT AGANEST PORT BLOKNG IS TAHT SUCH A PRACTIEC IF IMPLEM3NTED
    WIEDLY CAN RADUCE INOVATION1!!!1!!! OMG WTF NU APLICATIONS CANOT B D3VALOPAD IF PORTS R BLOKED
    1HTP/ISCSANSORG/2P10HTML
    2HTP/WWMICROSOFT COM/S3RVIECPROVIEDRS/COLUMNS/ISP_S ECURITYASP
    TAHT!1!!1 OMG WTF LOL CUD OTH3RWIES B USAD BY TH3SE APLICATIONS!!111111 LOL HOWAVER PORTS 135 137 139 AND
    45 R ALRAADY RES3RVED FOR WIEDLY USED APLICATIONS[3]1!!!111 WTF LOL AS A RASULT NU APLICATIONS
    SHUD NOT USE THESA PORTS AV3N IF TH3Y R OPEN FOR US3
    1ISPS111!!!1 WTF LOL R NOT RESPONSIBL3 FOR AND US3R 3QUIPM3NT
    ALTHOUGH!!!!!!!! ISPS CANOT FIX BUGS OR PATCH CUS2MAR SYSTEMS TH3Y R ABL3 2 LIMIT TH3
    IMPACT OF UNPATCH3D BUGY SOFTWAER!1!! BLOKNG TH3SE PORTS WIL DO MORA THAN PROTECT END
    USER AQUIPMANT!!!1 OMG WTF EXPLOIETD MACHIENS R FREQU3NTLY USED 2 LAUNCH DISTRIBUTED DENIAL OF
    SERVIEC (DOS) ATAKS OR 2 HOST HIGH TRAFIC "WAERZ" SIETS[4]11!!1!!1 OMG WTF 3ND USER SYSTEMS USED FOR
    DOS ATAKS AS W3L AS "WAERZ" SIETS CRAAET SIGNIFICANT TRAFIC!1!11! LOL THIS TRAFIC MAY B
    SUFICEINT 2 OVERWHELM ISP-OWNED INFRASTRUCTUR3 AND IT WIL IMPACT OTHER CUS2MERS OF
    THIS ISP
    3EXPLOIETD!111!!!! OMG MACHIENS IMPACT OTHAR CUS2MERS
    IF1!!! LOL A CUS2M3R CHOSES NOT 2 PATCH A SYST3M AND AS A R3SULT IS INFACTED WIT A WORM
    OR HAKAD IT IS UP 2 THIS CUS2M3R 2 CLAAN UP1!1!1 WTF HOW3VER OTHER CUS2MERS MAY B
    IMPACT3D DU3 2 TEH HIGH USE OF BANDWIDTH CAUSED BY TEH INFACTAD CUS2MAR[5]!!11! WTF LOL IN
    ADITION MANY REC3NT WORMS PR3FER 2 SCAN DA LOCAL NATWORK[6]!1!11!!1 WTF LOL AS A R3SULT CUS2MARS
    OF ISPS WIT MANY INFECTAD SYSTEMS WIL SE MORE MALICIOUS TRAFIC
    4BLOKNG!1!11 OMG LOL PORTS ALOWS ISPS 2 FOCUS ON OTH3R PROBLEMS
    PORT11!11!1 OMG WTF LOL FILT3RS R NOT PERFECT!!1!1 OMG IN PARTICULAR DA LIMIETD FILTERS DISCUS3D HER3 LEAEV
    PLANTY OF ROM FOR OTH3R VULNERABILITEIS!111! WTF HOWEVER TH3SA PORTS ACOUNT FOR A LARGE
    PERCENTAEG OF MALICIOUS ACTIVITY!1!1!1 LOL WHIEL A SIMPL3 FIX

  3. Re:Absolutely by JCMay · · Score: 1, Troll

    Filter by default - if you need your ports or you want to do your own firewalling then get the "advanced user" account that costs less but requires more responsibility from the user.


    Costs less? Are you kidding? They'd price it higher than the ports-closed standard account because it's "Advanced." Kinda like the phone company charging extra for touch tone over pulse, even though it takes more equipment (nowadays) to handle pulse dialing.
  4. ISPs should sue Microsoft by sunset · · Score: 0, Troll

    for f***ing up the Internet. It's another case of MS's total disregard for the commons, and their unwillingness to acknowledge the fiduciary responsibility that goes with having a monopoly.

  5. translation: Must ISP's clean up after Microsoft? by phr1 · · Score: 2, Troll

    Those port blockages (except for maybe 25) are workarounds for ridiculous MSFT security bugs. The proposal is that ISP's install blocks to work around the bugs. Shouldn't MSFT clean up its own mess?

  6. Re:In a word... by aaaurgh · · Score: 0, Troll

    "designed with all the intellegence at the ends"

    Unfortunately they forgot to factor in the general public, MS, IE and OE.

    --

    Go permanent? In your dreams and my worst nightmares.
  7. Some one has to do the work of Microsoft (nt) by Anonymous Coward · · Score: -1, Troll

    XD