RE: [MISC] SBC Blocks Port 25 - No Exceptions.

["David Schwartz" <davids () webmaster com>]

> Approximately an hour ago, we lost TCP port 25 from/to anywhere.
> This, on our "Business-Class DSL" line.  A call to SWB confirms that:
>
> (a) The decision to block *everyone* was made some time ago;
> (b) SWB chose not to notify anyone of this impending change;
> (c) There are NO exceptions.  Just how this "service" qualifies as a
> "Business Class DSL" is anyone's guess.
> (d) While they state that they will offer relay services, to get them
> requires that you fill out a form and send it in to SWB for
> processing: a
> process that could take "several weeks".

        If you signed a contract that allows your ISP to place permanent,
non-emergency filters on your line that filter out any content they decide
they don't like with no notification and no way for you to opt out, you're a
fool. If you didn't, then you should complain loudly (and if necessary sue)
for their violation of your contract.

        When I negotiate deals with ISPs to provide business class service, these
types of things are often the most complicated part of the negotiations. You
should definitely demand the following and not choose an ISP that doesn't
provide it:

        1) Notification of all filters that will be applied to all packets destined
to your IP addresses or sourced from your line. At least 3 business days
ahead in non-emergency situations and as soon as practical in emergency
situations.

        2) The ability to opt out of any and all filters that the ISP might place
upon packets destined for your IP addresses or sourced by your circuit with
the following exceptions:

        A) Packets destined for IP addresses that the ISP knows are not valid.

        B) Packets sourced from IP addresses that the ISP does not know belongs to
you.

        C) Emergency filters placed to deal with a problem that is in progress.
Such filters may only be kept as long as the problem is actually ongoing and
may not be more restrictive than is reasonably necessary to deal with the
emergency.

        D) Future filters that are the result of technical necessity. These must be
reasonably constructed so that they are as narrow as possible to block out
only known harmful or malicious traffic.

        3) Filters blocking based on IP protocol, ICMP type, TCP or UDP port, are
never considered technically necessary. Specifically, blocking all SCTP, for
example, or all packets with unknown IP protocol fields may only be done on
an emergency basis or with an opt out option.

        4) The ISP specically waives any right to consider its filtering policies a
trade secret or otherwise confidential as a means of keeping you from
getting access to the policies. They may request that you not disclose them
(and you can commit to honor this request).

        DS


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html