Security Incidents mailing list archives
Re: A question for the list...
From: "Keith W. McCammon" <keith-list () mccammon org>
Date: Wed, 21 May 2003 13:00:31 -0400
> * ISP would block all ports for incoming traffic by default, at least for residential customers, and preferably for corporate customers as well.
I think that if you've ever tried to perform this type of packet filtering in a provider-level network, you'd change your opinion in a heartbeat. It's just not practical. And I'll leave be the issues of privacy and accountability. First of all, it would be a nightmare to manage the access-lists themselves. Add to that the fact that it would be impossible to objectively grant or deny access to services. Who is my ISP to say what services are adequately secured and permissible? Second, and this is the whopper, such a system would bring the routing devices themselves to their knees. If you've ever tried to implement even basic packet filtering on an OC-X circuit, it ain't pretty. And it doesn't become any more feasible at lower speeds, because lower speeds just mean more circuits, which is arguably even worse.
> I am aware that most ISPs are operating within tight budgets; I am less aware of the impact of such a scheme on costs.
The costs would be substantial, and would, without a doubt, be passed directly and entirely to the customer.
> One benefit for the ISP would be a reduced load on abuse@.. A benefit for the customer would be reduced maintenance and clean-up costs. The benefits for the community are obvious.
The cost of hiring more abuse monkeys (no offense, folks!) would be a flash in the pan compared to the proposed alternative.
> What do you think?
In a perfect world, it would be a good idea. But in practice: very, very unlikely. If it were to materialize at some point, it would only be because of a government regulation, and would have huge financial implications from the highest level of providers to the smallest of clients.

Just my $.02...

Keith