RE: ISPs' willingness to take action

[Adam Hall <Adam.Hall () networktelephone net>]

Brian.. I would agree with you that sometimes, you can't offer "filtered
pipe" services to everyone and expect the same general acceptance of the
product across the board.  However, how much liability should a business
take-on when abuse@ accounts are filling up daily because hundreds of
customers not keeping up with Windows Update?

We put in filters our WAN a few months back when everyone was feeling the
wraths of the various Windows exploit of the week.  Still today, we make no
exceptions to this rule.  We've even lost a few customers in the process,
I'm sure.  

My issue is that in most cases (minus a few exceptions, of course) service
providers are bombarded with complaints from customers that a) don't know
how to change the default Exchange ports away from 135/139 or the security
risk in broadcasting 135/139 to the world, b) didn't think they should have
to worry about it (even as they were broadcasting from infected servers and
machines on their network), or c) have a textbook MCSE, crash-course CCNA
network administrator/consultant didn't really have an understanding of what
was going on or how they should respond to it.  Personally, I'm beginning to
feel doubt that the technology industry will be able to maintain the level
of competence and respect that we all need and deserve to have.  I can't
imagine what the health care industry would be like if ignorance was
embraced as well as it seems to be in the technology industry.

-Adam

> Problem is, some applications, like Outlook for example (if I remember
correctly), like to >use the 135, 137, 139 and others to connect to the
Exchange server.  You block them, and 
> it will start to croak.  You have a lot of home users not using a VPN to
connect to their
> office exchange servers. I used to do this myself at times.

> When you sell a service to someone, and neglect to mention you block
certain incoming 
> ports, especially to a possible business user or home user trying to access
their office, >you put yourself in a really bad position.

> > By the way, can anybody explain to me a legitimate use for port 
> > 135/137 traffic across the Internet, like it's somebody's private LAN?  
> > Seems to me anybody who still thinks that's legitimate is living in the
past.

> > So, the big question: why don't ISPs do more of this?  Are they afraid 
> > of client reaction?  Doesn't wash, for me: most clients would be 
> > highly grateful, and all it really takes for the remainder is fair 
> > warning. Cost?
> > Again, you can judge for yourselves how low the fruit you choose to 
> > pick; the biggest gains have the best ROI.

> > Happy clients, liberated bandwidth, faster servers -- what's to loose?