Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com
You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: The home user problem returns (Mason Schmitt)
2. RE: The home user problem returns (Brian Loe)
3. Re: The home user problem returns (Mason Schmitt)
4. Re: The home user problem returns (Mason Schmitt)
5. Re: The home user problem returns (Chris Blask)
6. RE: The home user problem returns (Brian Loe)
--__--__--
Message: 1
Date: Mon, 12 Sep 2005 14:31:27 -0700
From: Mason Schmitt <mason@schmitt.ca>
To: Paul Melson <pmelson@gmail.com>
Cc: "'Marcus J. Ranum'" <mjr@ranum.com>,
firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] The home user problem returns
> We'll be lucky to have the
> ability to find out what personal information of ours is being stored and
> traded by the organizations that have it, let alone have the power to take
> it away from them.
This is going to be a huge mess in a year or so. More so than it is
already. My wife recently went shopping our mortgage around. Once she
was done, she went back to all the places that didn't get our business
and told them to remove all her records. Each place she went to was
flabbergasted. They viewed that info as theirs. I'm not sure what her
success rate was, but she was pretty forceful on that point.
> Sadly, I am confident that if it does happen, it will be
> as a reaction to a major info-disaster that has serious negative fall-out
> for a large portion of American citizens.
>
And the rest of the world... Hello! There are others here too! ;)
--
Mason
--__--__--
Message: 2
From: "Brian Loe" <knobdy@stjoelive.com>
To: "'Mason Schmitt'" <mason@schmitt.ca>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] The home user problem returns
Date: Mon, 12 Sep 2005 16:47:20 -0500
> I think you're wrong.
Well, you are entitled to think that. :)
> When you have irate customers on the phone saying that the
> fact their computer is infected is your fault, or that they
> are getting all this spam and we should be doing something
> about it, or that their connection is horribly slow and we
> explain that it's because their computer is filled to the
> gills with spyware and the customer has accidentally left a
> p2p app running that allows un-restricted uploads, then I do
> think that the ISP should be doing something about it.
I think you're wrong. I don't think an ISP should baby-sit anymore than I
think the government should. We are all responsible for our own actions.
That's life. Its called personal responsibility and I support it
wholeheartedly.
> If enough customers demand something of a business, it's
> generally within that business's best interest to listen to
> their customers.
ONLY, and I mean ONLY, if that business has provided its customers with the
idea that it CAN control such things. What we're finding now is that
customers are getting even more dissatisfied with their providers because
they can NOT prevent it from happening - it's CUSTOMER INITIATED!!!! The
spam, the viruses...you can't prevent me, your customer, from being stupid.
Trying to do so only ruins the service for all of us. Now MY bandwidth is
getting eaten by your good intentions just because my neighbor can't keep
his teenager off the porn sites.
Conversely, my sharing music over a P2P connection has absolutely NO bearing
on my neighbor, or you - my ISP, because I'm PAYING for that bandwidth...and
surely you're not going to give me extra, right? Of course not. In fact, if
you're an ISP of any size you're actually selling more bandwidth than you
can actually provide. Sure, you can have a 5 meg pipe to your house - all
50k of you - our DS3 can provide that!!
> If you happen to be in the minority that
> doesn't want or need this sort of service, then perhaps the
> ISP can find a way to give you access to your crap, but if
> it's going to affect the other users that have expressed that
> they don't want that crap, then you're probably going to find
> yourself hunting for another ISP. I expect and hope that
> this is exactly what more and more ISPs will begin to do, now
> that the problems are getting so bad.
PLEASE explain to me how my P2P app is going to affect you - my ISP - or my
neighbor?
--__--__--
Message: 3
Date: Mon, 12 Sep 2005 15:21:18 -0700
From: Mason Schmitt <mason@schmitt.ca>
To: Brian Loe <knobdy@stjoelive.com>
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] The home user problem returns
Brian Loe wrote:
>>While I think that user ed is still a critical piece to the
>>puzzle, I think that the way that we go about attempting to
>>educate needs to change. That's what I was trying to get
>>across in my last email. It takes one on one interaction with people.
>
>
> If Ed WANTS to learn, he'll learn. If Ed wants his porn, you're annoying
> him, go away.
That's completely true. No argument here at all.
> Why has spam control become the responsibility of the ISP? Unless it's
> originating from your network - and you have specifically disallowed such
> usage on your network via contractual agreements between you and the
> customer - why do you care how much spam your customers get? Only as an
> add-on service should an ISP be involved.
Haven't you heard? Spam is a global problem. Many of the means of
dealing with spam involve voluntary cooperation from as many people as
possible to combat the problem. That cooperation entails such things as
outbound port 25 blocks at ISPs.
As for the recipient of the spam. Most ISPs now do a basic level of
inbound spam filtration, just to ease the load on their mail servers,
let alone appease angry customers. Most ISPs also offer a subscription
anti-spam service to those that want it. If you don't want to subscribe
to the anti-spam service, I assure you that there is still tons left
over after the ISP's basic filtering- you'll get all the spam you handle.
> I guess I'm still confused. What issues are you having because of your
> customer's lack of security? Loss of bandwidth? Attacks on your internal
> network? What, exactly, is the result of your customers being bad?
I'll give you some examples in a sec, but first, since we are tossing
quotes around, here's one for you, "An ounce of prevention is worth a
pound of cure". I know that I have to do my part and hope that others
do theirs. As a result the problem will diminish overall.
Here's an example that's not related to Internet access and bandwidth.
In North America (and starting to become a problem in most developed
nations), smoking is becoming a huge problem. Smoking is known to be
linked to many forms of cancer, birth defects, gum disease, many
respiratory diseases, etc, etc. - it's a really long list. Some people
consider smoking to be a personal choice, so lets run with that. My
first argument pertains more to Canada and other countries that have
public medical systems.
When enough people choose to smoke, they are placing an unnecessary
burden on the public medical system, thereby degrading it for everyone else.
You may be one of those militant smokers that feels it is their right to
smoke wherever they please. If you decide you want to smoke in public,
you may be smoking next to someone that is an asthmatic. It's well
known that second hand smoke is just as deadly, if not more so, than the
smoke you pull through your filter - if you and other militant smokers
get their way, non smokers are now suffering the same health problems
that are common amongst smokers. Other people may be enjoying the fresh
air or a good meal and you are denying them that. The effect can even
be as simple as making someone else's clothes stink. No matter how you
look at it, this is more than just your problem - you are involving
other people that may not want to have anything to do with you.
I promised I'd give you an example relating to your use of your Internet
connection. Here's one really good example for you.
Recently a bot found it's way onto a customer's computer. That bot
setup shop and began to send spam... through our not-so-smart smarthost.
The bot was also a worm and it started spewing like crazy trying to
find more hosts - it found some on our network and would have found some
out on the net if I hadn't put egress filters in place on our router a
year or two ago.
I got called into work outside normal hours to track down the bot, our
support people had to call the customer to let them know and they also
turned of the customer's modem until the infection was cleaned out.
They then had to start calling other customers and doing the same.
In the short time that the spam was flowing, our mail server managed to
find it's way onto a couple blacklists. As a result, customers that
didn't get the worm were still being affected because some of their
email bounced due to other mail admins using the blacklists that we
ended up on. This in turn generated support calls.
I then kicked myself for not having implemented rate limiting and really
basic spam filtering on our outbound smtp relay like I had planned to
and set about working out how I was going to do that. It turns out that
it not feasible with our current solution, so this week I'm working on
building a new mail server that will allow me to do the egress filtering
I need to do.
All in all, the fact that there weren't more safe guards in place cost
us time and money and affected a fair number of customers. It has also
pulled me away from other important work and thus I get further behind.
If that doesn't paint a clear enough picture of why you should not be
able to have a wide open un-restricted pipe of your own, let me know and
I'll give you some more examples.
--
Mason
--__--__--
Message: 4
Date: Mon, 12 Sep 2005 15:43:31 -0700
From: Mason Schmitt <mason@schmitt.ca>
To: Brian Loe <knobdy@stjoelive.com>
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] The home user problem returns
Brian Loe wrote:
> I think you're wrong. I don't think an ISP should baby-sit anymore than I
> think the government should. We are all responsible for our own actions.
> That's life. Its called personal responsibility and I support it
> wholeheartedly.
As has been pointed out on this list many times and even in this thread,
the average home user does not have the knowledge or resources to really
be responsible for the actions of their computers or those using them
for their own nefarious purposes. This is somewhat akin to the young
offenders act. You as an adult however, have full knowledge of what you
do and say and so should definitely be held responsible for your own
actions. That's the theory anyway. Given that people can spill coffee
on their lap and then successfully sue McDonalds gives me pause... Many
people seem to think that nothing is their responsibility. :P
> The
> spam, the viruses...you can't prevent me, your customer, from being stupid.
Can't stop you from being stupid, but I can certainly do something from
stopping your stupidity from harming others.
> Trying to do so only ruins the service for all of us. Now MY bandwidth is
> getting eaten by your good intentions just because my neighbor can't keep
> his teenager off the porn sites.
>
Actually, if the ISP is really being fair about it, your performance
overall may actually be improved. Seriously.
Bandwidth management is becoming a very important part of running an
ISP. If an ISP wants to provide customers with a connection that
"feels" fast, they have to get involved - caching, rate limiting,
filtering, bit caps. If ISPs did nothing to manage bandwidth, you
wouldn't be as happy with the result.
> PLEASE explain to me how my P2P app is going to affect you - my ISP - or my
> neighbor?
I'm not overly worried about your p2p app anymore and your neighbour
doesn't have to worry too much about it either.
--
Mason
--__--__--
Message: 5
Date: Tue, 13 Sep 2005 03:00:31 -0400
To: Mason Schmitt <mason@schmitt.ca>
From: Chris Blask <chris@blask.org>
Subject: Re: [fw-wiz] The home user problem returns
Cc: "Marcus J. Ranum" <mjr@ranum.com>,
firewall-wizards@honor.icsalabs.com
--=====================_251267593==.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 03:59 PM 9/12/2005, Mason Schmitt wrote:
.d.
>Are my ideas ill-conceived?
no no, that was a general comment about Marcus being right (don't
tell him I said that!)... ;~)
>What specifically do you think is bullshit? Or is it just my approach
>in general? The better I understand this problem the better off I'm
>going to be.
Wrong tack. My comment was not in opposition to your comments, but
in something akin to agreement.
> > That right there is my point. The quantity of exposure that the average
> > Joe needs to understand the issues being discussed is "N", where N is a
> > very large number (particularly if Joe is 50+). We are currently about
> > 1/N into the process...
>
>I disagree. I don't think that N need be that large. Even now with the
>huge mess we have, N is manageable if it is presented properly and
>*people want to listen*. N can be reduced considerably if those
>providing PCs, network access, etc can improve the security of their
>offerings. This of course being a much longer term look at the problem.
N is a large number, but Joe is exposed to bits and pieces of it all
the time, and they are additive. The level of dumb-ass computer
question I get from the least capable has risen dramatically over the
last ten years - I take that as a good sign.
The lumpiness we experience in the educational levels of all the Joes
and Josies out there frustrates the crap out of a lot of people in a
very deep and personal way, because they suffer from it. Like so
many things, I find myself on the fence: I understand and share the
general frustrations - and Bad Things can still easily happen - but I
think diligence on the part of those of us here and our ilk will
continue to pay off. We will reach a utility model but I don't
expect to see it in my working career, so paranoia remains well founded.
>Here are two ways of looking at N. The first one applies to the present
>state of things, the second is longer term.
>
>N in a positive reinforcement scenario (short term)
>----------------------------------------------------
>If as a group, we like to preach least privilege, why do we keep trying
>to tell home users what they _shouldn't_ be doing? That sounds like
>default allow. Why not tell them what they should be doing? It's going
>to be a much shorter list.
"Make things as simple as possible but no simpler. "? :~)
>N as seen from within a mature utility model (long term)
>---------------------------------------------------------
>Here's another way of looking at the long term size of N. In one of the
>emails in this thread, someone mentioned that Internet access should be
>like a utility. I'd like to take that analogy (because that's what it
>is) and expand upon it.
.d. nice "Internet as Utility" bit
>Getting back to computers and the Internet... If these sorts of controls
>and industry maturity were in place, home users wouldn't be such a
>problem. The big problem is that the Internet right now is very much
>like the "Wild West" - it's young, immature, un-controlled and much
>about how it should work is still unknown. It just needs to mature.
The problem we are dealing with is that many consumers do not
understand what electricity is or why they should expect their razor
to shave their face but not be able to cook a well-turned prime rib -
or explode violently and tear off their arms, for that matter. They
are effectively Australopithicenes and we need to bring them up to at
least Victorian standards so they don't beat the computer with a
stick to kill the demons inside.
Don't get me wrong, I'm an optimist and see this all going quite
well, all in all, it's just a very large task to get all 6.5 (and
growing!) billion folks up to speed. Good news is that much of the
stuff they will learn through trial and tremendously messy error
(much like children). Our jobs inasmuch as we find ourselves in
oppotunities to educate is to get them through school with most of
their body parts and some idea how to behave, and why.
We can't even educate me enough to setup my mail client so Paul will
post my comments to this list (or whatever it is I'm doing wrong,
maybe blotting my copybook...:~D), so we certainly have work to do...
> > Lucy: "You can't subtract five from three!"
>
> > Linus: "You can if you're stupid!"
>
>I hadn't heard that exchange before. That's a good one :)
I got a Peanuts book when I was four for Christmas with that cartoon
in it. A few months later my dad taught me about negative numbers,
and the fact that something so obviously impossible could turn out to
be so completely wrong so quickly has always stuck with me. All
sorts of sh*t is possible if you just do it...
-woof!
-chris
"Sacred cows make the best hamburger. "
-Mark Twain
Chris Blask
chris@blask.org
http://blaskworks.blogspot.com
+1 416 358 9885
--=====================_251267593==.ALT
Content-Type: text/html; charset="us-ascii"
<html>
<body>
At 03:59 PM 9/12/2005, Mason Schmitt wrote:<br>
.d.<br>
<blockquote type=cite class=cite cite="">Are my ideas
ill-conceived? </blockquote><br>
no no, that was a general comment about Marcus being right (don't tell
him I said that!)... ;~)<br><br>
<blockquote type=cite class=cite cite="">What specifically do you think
is bullshit? Or is it just my approach<br>
in general? The better I understand this problem the better off
I'm<br>
going to be.</blockquote><br>
Wrong tack. My comment was not in opposition to your comments, but
in something akin to agreement.<br><br>
<blockquote type=cite class=cite cite="">> That right there is my
point. The quantity of exposure that the average<br>
> Joe needs to understand the issues being discussed is "N",
where N is a<br>
> very large number (particularly if Joe is 50+). We are
currently about<br>
> 1/N into the process...<br><br>
I disagree. I don't think that N need be that large. Even now
with the<br>
huge mess we have, N is manageable if it is presented properly and<br>
*people want to listen*. N can be reduced considerably if
those<br>
providing PCs, network access, etc can improve the security of their<br>
offerings. This of course being a much longer term look at the
problem.</blockquote><br>
N is a large number, but Joe is exposed to bits and pieces of it all the
time, and they are additive. The level of dumb-ass computer
question I get from the least capable has risen dramatically over the
last ten years - I take that as a good sign.<br><br>
The lumpiness we experience in the educational levels of all the Joes and
Josies out there frustrates the crap out of a lot of people in a very
deep and personal way, because they suffer from it. Like so many
things, I find myself on the fence: I understand and share the general
frustrations - and Bad Things can still easily happen - but I think
diligence on the part of those of us here and our ilk will continue to
pay off. We will reach a utility model but I don't expect to see it
in my working career, so paranoia remains well founded.<br><br>
<blockquote type=cite class=cite cite="">Here are two ways of looking at
N. The first one applies to the present<br>
state of things, the second is longer term.<br><br>
N in a positive reinforcement scenario (short term)<br>
----------------------------------------------------<br>
If as a group, we like to preach least privilege, why do we keep
trying<br>
to tell home users what they _shouldn't_ be doing? That sounds
like<br>
default allow. Why not tell them what they should be doing?
It's going<br>
to be a much shorter list.</blockquote><br>
"<font size=2>Make things as simple as possible but no simpler.
"? :~)<br><br>
</font><blockquote type=cite class=cite cite="">N as seen from within a
mature utility model (long term)<br>
---------------------------------------------------------<br>
Here's another way of looking at the long term size of N. In one of
the<br>
emails in this thread, someone mentioned that Internet access should
be<br>
like a utility. I'd like to take that analogy (because that's what
it<br>
is) and expand upon it.</blockquote><br>
.d. nice "Internet as Utility" bit<br><br>
<blockquote type=cite class=cite cite="">Getting back to computers and
the Internet... If these sorts of controls<br>
and industry maturity were in place, home users wouldn't be such a<br>
problem. The big problem is that the Internet right now is very
much<br>
like the "Wild West" - it's young, immature, un-controlled and
much<br>
about how it should work is still unknown. It just needs to
mature.</blockquote><br>
The problem we are dealing with is that many consumers do not understand
what electricity is or why they should expect their razor to shave their
face but not be able to cook a well-turned prime rib - or explode
violently and tear off their arms, for that matter. They are
effectively Australopithicenes and we need to bring them up to at least
Victorian standards so they don't beat the computer with a stick to kill
the demons inside.<br><br>
Don't get me wrong, I'm an optimist and see this all going quite well,
all in all, it's just a very large task to get all 6.5 (and growing!)
billion folks up to speed. Good news is that much of the stuff they
will learn through trial and tremendously messy error (much like
children). Our jobs inasmuch as we find ourselves in oppotunities
to educate is to get them through school with most of their body parts
and some idea how to behave, and why.<br><br>
We can't even educate me enough to setup my mail client so Paul will post
my comments to this list (or whatever it is I'm doing wrong, maybe
blotting my copybook...:~D), so we certainly have work to do... <br><br>
<blockquote type=cite class=cite cite="">> Lucy: "You can't
subtract five from three!"<br>
<br>
> Linus: "You can if you're stupid!"<br><br>
I hadn't heard that exchange before. That's a good one
:)</blockquote><br>
I got a Peanuts book when I was four for Christmas with that cartoon in
it. A few months later my dad taught me about negative numbers, and
the fact that something so obviously impossible could turn out to be so
completely wrong so quickly has always stuck with me. All sorts of
sh*t is possible if you just do it...<br><br>
-woof!<br><br>
-chris<br><br>
<br>
<x-sigsep><p></x-sigsep>
<font size=2>"Sacred cows make the best hamburger. "<br><br>
-Mark Twain <br><br>
</font>Chris Blask<br>
chris@blask.org<br>
<a href="http://blaskworks.blogspot.com" eudora="autourl">
http://blaskworks.blogspot.com<br><br>
</a>+1 416 358 9885 </body>
</html>
--=====================_251267593==.ALT--
--__--__--
Message: 6
From: "Brian Loe" <knobdy@stjoelive.com>
To: "'Mason Schmitt'" <mason@schmitt.ca>
Cc: <firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] The home user problem returns
Date: Tue, 13 Sep 2005 08:58:11 -0500
> > If Ed WANTS to learn, he'll learn. If Ed wants his porn, you're
> > annoying him, go away.
>
> That's completely true. No argument here at all.
What more can be done then? The opportunities for end users to learn are
boundless - if they choose to do it. You just agreed that you can't make
them learn so maybe we should just drop this from the options list.
> > Why has spam control become the responsibility of the ISP?
> Unless it's
> > originating from your network - and you have specifically
> disallowed
> > such usage on your network via contractual agreements
> between you and
> > the customer - why do you care how much spam your customers
> get? Only
> > as an add-on service should an ISP be involved.
>
> Haven't you heard? Spam is a global problem. Many of the
> means of dealing with spam involve voluntary cooperation from
> as many people as possible to combat the problem. That
> cooperation entails such things as outbound port 25 blocks at ISPs.
As I said, "Unless it's originating from your network..." I hate spam as
much as the next guy, but I hate most spam filters as well. If ISPs stopped
allowing spam to be sent, I would be able to get ALL of my e-mail that I
want and none to little that I don't.
> As for the recipient of the spam. Most ISPs now do a basic
> level of inbound spam filtration, just to ease the load on
> their mail servers, let alone appease angry customers.
In my opinion, that's where they make their mistake. Once they/you accept a
certain amount of liability you own it all.
> Most ISPs also offer a subscription anti-spam service to those
> that want it. If you don't want to subscribe to the
> anti-spam service, I assure you that there is still tons left
> over after the ISP's basic filtering- you'll get all the spam
> you handle.
I don't subscribe, and I get very little spam. I'm a "smart" e-mail user and
receive my spam elsewhere. :) Further, I can't chance losing e-mails that
are misunderstood by whatever filtering system my ISP is using.
>
> > I guess I'm still confused. What issues are you having
> because of your
> > customer's lack of security? Loss of bandwidth? Attacks on your
> > internal network? What, exactly, is the result of your
> customers being bad?
>
> I'll give you some examples in a sec, but first, since we are
> tossing quotes around, here's one for you, "An ounce of
> prevention is worth a pound of cure". I know that I have to
> do my part and hope that others do theirs. As a result the
> problem will diminish overall.
Well, I haven't thrown any quotes around yet, but a couple just came to
mind:
"The road to hell is paved with good intentions." (don't know who)
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." --Ben Franklin
> Here's an example that's not related to Internet access and bandwidth.
> In North America (and starting to become a problem in most
> developed nations), smoking is becoming a huge problem.
> Smoking is known to be linked to many forms of cancer, birth
> defects, gum disease, many respiratory diseases, etc, etc. -
> it's a really long list. Some people consider smoking to be
> a personal choice, so lets run with that.
I'm one of them, so lets. However I have to correct your theory here,
smoking is much more of a problem in underdeveloped countries - poor people
smoke, always have, always will.
> My first argument pertains more to Canada and other countries that have
public
> medical systems.
Why? It certainly helps make your point but has nothing to do with our
discussion. In fact, your arguing for the ISP to play mom and dad aligns
itself nicely with the philosophies behind state health care.
> When enough people choose to smoke, they are placing an
> unnecessary burden on the public medical system, thereby
> degrading it for everyone else.
How so? They're paying taxes on every tobacco product they buy. They die
before being kept alive in a nursing home for 10 years. As Rush is fond of
point out - cause it's true, which makes him right - smokers SAVE countries
money by paying taxes and then dying before they collect!
> You may be one of those militant smokers that feels it is
> their right to smoke wherever they please.
Only every place I paid for or have control of. :)
> If you decide you want to smoke in public, you may be smoking next to
someone
> that is an asthmatic.
That would be rude of me, but if I'm in a designated smoking area, rude of
him/her.
> It's well known that second hand smoke
> is just as deadly, if not more so, than the smoke you pull
> through your filter - if you and other militant smokers get
> their way, non smokers are now suffering the same health
> problems that are common amongst smokers.
Wrong on several levels, here's a few. The filter is more deadly than
anything in the tobacco - I smoke home-rolls with no filter - outside of the
chemicals the government has mandated be put into the product to help it
burn and other things. As for second-hand smoke, it has NEVER been PROVEN to
cause anything, and especially so in the great outdoors. They've done many
studies but nothing that has ever been conclusive or even fair. Most of
these studies have been debunked, discredited or called into serious
question by real scientists (who also don't like smoking, but have some
feelings toward professional integrity). Seems outrageous, given the media
on the subject, but if its not true let me fall over dead now.
> Other people may
> be enjoying the fresh air or a good meal and you are denying
> them that. The effect can even be as simple as making
> someone else's clothes stink. No matter how you look at it,
> this is more than just your problem - you are involving other
> people that may not want to have anything to do with you.
All parties are making a choice. The people who don't want to be near my
smoking should choose a restaurant that doesn't allow smoking or sit in the
non-smoking section. It's their/your choice and not my responsibility. You
don't walk into a place not owned or controlled by you and impose your will
on everyone there. In some places I know, that'd get you taken out back...
> I promised I'd give you an example relating to your use of
> your Internet connection. Here's one really good example for you.
<SNIP>
> I then kicked myself for not having implemented rate limiting
> and really basic spam filtering on our outbound smtp relay
> like I had planned to and set about working out how I was
> going to do that. It turns out that it not feasible with our
> current solution, so this week I'm working on building a new
> mail server that will allow me to do the egress filtering I
> need to do.
>
> All in all, the fact that there weren't more safe guards in
> place cost us time and money and affected a fair number of
> customers. It has also pulled me away from other important
> work and thus I get further behind.
>
> If that doesn't paint a clear enough picture of why you
> should not be able to have a wide open un-restricted pipe of
> your own, let me know and I'll give you some more examples.
More then, please. This is an example of a user getting hacked and outbound
traffic not being monitored - which as I stated originally, I agree is your
responsibility. It does not represent the reasoning behind my not being
"allowed" to use Shareaza or download bit torrent files all day long. It
doesn't qualify as an excuse for you to spy on my traffic (that isn't
hitting you in the way of outbound e-mail, scans, etc.) or throttle it down
below advertised, contracted and bought levels.
For me, and ISP should only respond to attacks on itself. This includes
outbound attacks (such as the bot you described) since it is using your mail
server and your IP range and thereby effecting your business. It also
includes attacks on your network appliances and servers. The people
responsible should be hunted down and killed. <g> BUT, and this is no small
but, that does not give you cause to play the part of my mom without even
being asked to do so! In my opinion anyway...
--__--__--
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest
No comments:
Post a Comment