[102913] in North American Network Operators' Group
RE: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Carpenter, Jason)
Fri Mar 7 19:16:49 2008
From: "Carpenter, Jason" <Jason.Carpenter@citadelgroup.com>
To: "nanog@merit.edu" <nanog@merit.edu>
Date: Fri, 7 Mar 2008 18:15:32 -0600
In-Reply-To: <20080307155713.6D5C48A6@resin17.mta.everyone.net>
Errors-To: owner-nanog@merit.edu
That's the problem isn't it? Who decides what can and cant go through. I th=
ink the tier approach is better, a basic user account where everything is b=
locked and a Sysadmin type account where everything is open. If the price i=
s different enough then only people who are going to use those extra ports =
will actually pay for it.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sco=
tt Weeks
Sent: Friday, March 07, 2008 5:57 PM
To: nanog@merit.edu
Subject: Re: Customer-facing ACLs
--- dave.nanog@alfordmedia.com wrote:
> To me there is no question of whether or not you filter traffic for
> residential broadband customers.
SBC in my area (Dallas) went from wide open to outbound 25 blocked by
default/opened on request. I think doing the same thing with port 22 would
hardly be an undue burden on users, and would help keep botnets in check.
------------------------------------------------
Might as well do TCP 20, 21 and 23, too. Woah, that slope's getting slippe=
ry!
scott
CONFIDENTIALITY AND SECURITY NOTICE
The contents of this message and any attachments may be confidential and pr=
oprietary and also may be covered by the Electronic Communications Privacy =
Act. This message is not intended to be used by, and should not be relied u=
pon in any way by, any third party. If you are not an intended recipient, =
please inform the sender of the transmission error and delete this message =
immediately without reading, disseminating, distributing or copying the con=
tents. Citadel makes no assurances that this e-mail and any attachments are=
free of viruses and other harmful code.
