Firewall Wizards mailing list archives
Re: The home user problem returns
From: Mason Schmitt <mason () schmitt ca>
Date: Tue, 13 Sep 2005 14:43:46 -0700
> PLEASE explain to me how my P2P app is going to affect you - my ISP - or my neighbor?

In a shared bandwidth scenario, the pron surfing kid and your p2p connections are not mutually exclusive, they both have exactly the same impact.
I should point out: it's true that the ISP game is an over subscription game. It has to be in order for the home user to pay as little as they do. If you want a dsl or cable modem's worth of bandwidth absolutely guaranteed to you at all hours of the day AND you want to be able to shovel all the data you can through that pipe, then you can get it, it just costs more - a lot more. Try pricing out a measly T1 some time. But, over subscription problems and p2p are not what I'm talking about here at all. Those are just network and bandwidth management issues that I'm not attempting to bring to this list. My concern is with people that want a wide open, unrestricted, give-me-all-my-bad-stuff-it's-mine kind of connection and don't think about the impact that attitude has on others sharing the same ISP, or for that matter, those behind other ISPs. I think I've made my point clear that ISPs need to get involved in protecting those that are ignorant and laying fully exposed. This is a network security/firewall sort of issue and one that I'd hoped would be considered relevant to this list (it appears to be so far).

> On another note to this thread as a whole; beside ingress and egress filtering, how much might ISPs suffer for correcting some of the Windows network protocol errors by not passing ports 135-139, 445 and 5000 etc across perimeters? Or even allowing them to broadcast within the ISP's realm? Certainly would work to neuter the M$ issues to a low noise level would it not?

This is exactly the kind of ingress and egress filtering I'm talking about. We've avoided, by having these filters in place, some fairly nasty worm epidemics that wreaked havoc at other ISPs. None of the traffic typically associated with those ports has any business whatsoever moving beyond the confines of the home user's local network or any LAN for that matter. Again, for most networks, this is absolutely the wrong way to approach the problem, but for an ISP, those filters and anti spoofing filters have taken a big chunk out of the low hanging fruit.

--
Mason
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
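
The filtering discussed in this message, modelled as an added example (not part of the original post and not any ISP's actual configuration): a per-subscriber edge policy that drops the Windows networking ports named in the thread in both directions and applies source-address anti-spoofing. The subscriber prefix, sample flows and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Ports named in the thread (135-139, 445, 5000): traffic that should stay on the LAN.
BLOCKED_PORTS = set(range(135, 140)) | {445, 5000}

# Assumption: prefix assigned to one subscriber port (RFC 5737 documentation space).
SUBSCRIBER_NET = ipaddress.ip_network("203.0.113.8/29")

def edge_verdict(direction, src, proto, dport):
    """Decide one packet at the subscriber edge.
    direction: 'egress' (subscriber -> ISP) or 'ingress' (ISP -> subscriber)."""
    from_subscriber = ipaddress.ip_address(src) in SUBSCRIBER_NET
    # Anti-spoofing: egress must carry the subscriber's own address,
    # and nothing arriving from outside may claim to be the subscriber.
    if direction == "egress" and not from_subscriber:
        return ("drop", "spoofed-source")
    if direction == "ingress" and from_subscriber:
        return ("drop", "spoofed-source")
    # Port filter applies both ways, TCP and UDP alike.
    if proto in ("tcp", "udp") and dport in BLOCKED_PORTS:
        return ("drop", "windows-lan-port")
    return ("accept", "default")

# Constructed sample flows: (direction, source, protocol, destination port)
SAMPLE_FLOWS = [
    ("egress",  "203.0.113.10", "tcp", 445),   # SMB leaving the home network
    ("ingress", "198.51.100.7", "udp", 137),   # NetBIOS name service probe from outside
    ("egress",  "192.0.2.99",   "tcp", 80),    # source not assigned to this subscriber
    ("ingress", "203.0.113.12", "tcp", 80),    # outside packet claiming a subscriber address
    ("egress",  "203.0.113.10", "tcp", 6881),  # unrelated application traffic passes
    ("ingress", "198.51.100.7", "tcp", 5000),  # port 5000 from outside
]

def summarize(flows):
    """Count verdict reasons over a list of flows."""
    return Counter(edge_verdict(*flow)[1] for flow in flows)

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", edge_verdict(*flow))
    print(dict(summarize(SAMPLE_FLOWS)))
```
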