nanog mailing list archives
Re: Customer-facing ACLs
From: Dave Pooser <dave.nanog () alfordmedia com>
Date: Fri, 07 Mar 2008 21:38:30 -0600
Just straight up blocking outbound ports (with the debatable exception of port 25) seems heavy handed and too slanted toward admin convenience over customer satisfaction. It's a slippery slope because unlike with spam, people who are affected by brute force attacks have some degree of complicity through either negligence or laziness.
Sure, and I could* make the argument that since I have great spam filtering inbound I don't have to care about outbound spam from my network because if you receive it it's because of your negligence/laziness. But I think that in the case of spam as in the case of brute force attacks it's still the network operator's obligation to be a good netizen providing doing so places no undue burden on his own customers or his own staff. Blocking port 25 outbound for dynamic users until they specifically request it be unblocked seems to me to meet the "no undue burden" test; so would port 22 and 23. Beyond that, I'd probably be hesitant until I either started getting a significant number of abuse reports about a certain flavor of traffic that I had reason to believe was used by only a tiny minority of my own users.

*but won't, ever

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media http://www.alfordmedia.com