RE: Customer-facing ACLs

["Carpenter, Jason" <Jason.Carpenter () citadelgroup com>]

That's the problem isn't it? Who decides what can and cant go through. I think the tier approach is better, a basic 
user account where everything is blocked and a Sysadmin type account where everything is open. If the price is 
different enough then only people who are going to use those extra ports will actually pay for it.

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Scott Weeks
Sent: Friday, March 07, 2008 5:57 PM
To: nanog () merit edu
Subject: Re: Customer-facing ACLs




--- dave.nanog () alfordmedia com wrote:

> To me there is no question of whether or not you filter traffic for
> residential broadband customers.

SBC in my area (Dallas) went from wide open to outbound 25 blocked by
default/opened on request. I think doing the same thing with port 22 would
hardly be an undue burden on users, and would help keep botnets in check.
------------------------------------------------


Might as well do TCP 20, 21 and 23, too.  Woah, that slope's getting slippery!

scott



CONFIDENTIALITY AND SECURITY NOTICE

The contents of this message and any attachments may be confidential and proprietary and also may be covered by the 
Electronic Communications Privacy Act. This message is not intended to be used by, and should not be relied upon in any 
way by, any third party.  If you are not an intended recipient, please inform the sender of the transmission error and 
delete this message immediately without reading, disseminating, distributing or copying the contents. Citadel makes no 
assurances that this e-mail and any attachments are free of viruses and other harmful code.