> * ISP would block all ports for incoming traffic by default, at least > for residential customers, and preferable for corporate customers as > well. I think that if you've ever tried to perform this type of packet filtering in a provider-level network, you'd change your opinion in a heartbeat. It's just not practical. And I'll leave be the issues of privacy and accountability. First of all, it would be a nightmare to manage the access-lists themselves. Add to that the fact that it would be impossible to objectively grant or deny access to services. Who is my ISP to say what services are adequately secured and permissible? Second, and this is the whopper, such a system would bring the routing devices themselves to their knees. If you've ever tried to implement even basic packet filtering on an OC-X circuit, it ain't pretty. And it doesn't become any more feasible at lower speeds, because lower speeds just mean more circuits, which is arguably even worse. > I am aware that most ISP's are operating within tight budgets, I am > less aware of the impact of such a scheme on costs. The costs would substantial, and would, without a doubt, be passed directly and entirely to the customer. > One benefit for the ISP would be a reduced load on abuse@.. A benefit > for the customer would be reduced maintenance and clean-up costs. The > benefits for the community are obvious. The cost of hiring more abuse monkeys (no offense, folks!) would be a flash in the pan compared to the proposed alternative. > What do you think ? In a perfect world, it would be a good idea. But in practice: very, very unlikely. If it were to materialize at some point, it would only be because of a government regulation, and would have huge financial implications from the highest level of providers to the smallest of clients. Just my $.02... Keith ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu May 22 2003 - 11:41:30 PDT