Re: How to secure the Internet in three easy steps

[Scott Granados <scott () wworks net>]

Actually, I'm not certain but athome didn't seem to proxy or block
anything.  I ran my home linux box off at home for a while and never had
any problem with any ports including http and mail.  Also, it seems to me
that I tried something similar for a goof with an aol dialup and it worked
as well.


On Fri, 25 Oct 2002, Sean Donelan wrote:

> On Fri, 25 Oct 2002, Paul Vixie wrote:
> > > Not only that, but unless _everyone_ implements 2 and/or 3, all the bad
> > > people that exploit the things these are meant to protect will migrate to
> > > the networks that lack these measures, mitigating the benefits.
> >
> > not just the bad people.  all the people.  a network with 2 or 3 in place
> > is useless.  there is no way to make 2 or 3 happen.
>
> AOL?  I believe they proxy almost all their subscribers through several
> large datacenters, and don't allow users to run their own servers.
>
> @Home prohibited customer servers on their network, blocked several
> ports, and proxied several services.
>
> Its common for ISPs outside of the US to force their customers to
> use the ISP's web proxy server, even hijacking connections which attempt
> to bypass it.
>
> As part of their anti-spam efforts, several providers block SMTP port 25,
> and force their subscribers to only use that provider's SMTP relay/proxy
> to send mail.  Why not extend those same restrictions to other (all)
> protocols?
>
> Many corporate networks already proxy all their user's traffic, and
> prohibit direct connections through the corporate firewalls.
>
> I think its a bad idea, but techincally I have a hard time saying its
> technically impossible.