nanog mailing list archives
Re: Wired mag article on spammers playing traceroute games with trojaned boxes
From: Vinny Abello <vinny () tellurian com>
Date: Thu, 09 Oct 2003 13:03:48 -0400
At 12:53 PM 10/9/2003, you wrote:
On 9 Oct 2003, at 12:19, Vinny Abello wrote:Personally, I think preventing residential broadband customers from hosting servers would limit a lot of that. I'm not saying that IS the solution. Whether or not that's the right thing to do in all circumstances for each ISP is a long standing debate that surfaces here from time to time. Same as allowing people to host mail servers on cable modems or even allowing them to access mail servers other than the ISP's."Hosting a server" looks very similar to "using an ftp client in active mode", "playing games over the network" or "using a SIP phone" to the network. Enumerating all permissible "servers" and denying all prohibited ones arguably requires an unreasonable shift of intelligence into the network. Allowing inbound connections by default and blocking specific types of traffic reactively has been demonstrated not to be an adequate solution, I think.A more aggressive policy of blocking all inbound connections (and analogues using connectionless protocols) essentially denies direct access between edge devices, which implies quite an architectural shift.I think it's more complicated than "prevent residential users from hosting servers".
Absolutely, and I was just referring to certain things, not all inbound access. I mentioned before that it doesn't really make much sense with web hosting because the port can easily be changed so it's not very effective at all. Blocking people from hosting mail servers that receive mail and can't send mail directly could be enforced much more easily than the web example so my original thought doesn't really apply all that much to web stuff, but then again I stated I didn't say that IS the solution to anything. Just a thought that's been kicked around forever that we've all heard. :)
Vinny Abello Network Engineer Server Management vinny () tellurian com (973)300-9211 x 125 (973)940-6125 (Direct) PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com (888)TELLURIANThere are 10 kinds of people in the world. Those who understand binary and those that don't.
Current thread:
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes, (continued)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes McBurnett, Jim (Oct 09)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Joe Boyce (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes jlewis (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes John Capo (Oct 09)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Jeremy T. Bouse (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Jack Bates (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Joe Abley (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Mike Tancsa (Oct 09)