[32363] in North American Network Operators' Group
ISPs as content-police or method-police
daemon@ATHENA.MIT.EDU (Ehud Gavron)
Mon Nov 20 11:23:15 2000
Date: Mon, 20 Nov 2000 09:21:10 -0700
From: Ehud Gavron <gavron@ACES.COM>
To: Adam Rothschild <asr@latency.net>
Cc: nanog@merit.edu
Message-id: <3A194F75.75925C0C@Wetwork.Net>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
You know, this all started with "Hey, what do you all think
of blocking such and such port."
Clients who get connections from us* expect an open pipe,
no content censorship, and no impediment to action.
This type of discussion "Block SMB", "Block SMTP to
external servers", "Block harmful-of-the-day-thing"
should be limited to those special handheld customers
who pay for managed secure networks.
It is clear (to me) that customers who get a connection
to the net do NOT want that connection limited nor
censored.
Ehud
*us being those who provide Internet Protocol
connectivity in the Free World (tm).
p.s. As NANOG goes the way of Usenet, the name of the
group is less important than creating impediment to
S/N reduction.
Adam Rothschild wrote:
> On Sat, Nov 18, 2000 at 08:19:12PM -0800, Roeland Meyer wrote:
> > You'd have LOTs of complaint from me and many of my clients. Many of
> > us log into our external gateway PDCs from foriegn locations. We
> > have shares because we want shares.
>
> Yikes. Isn't that what secure road-warrior VPNs are for?
>
> > You are considering killing off a whole bunch of legitimate use
> > because some are too brain-dead to not have unintentional shares on
> > the internet?
>
> Intentional or not, sniffing SMB passwords and share info doesn't
> require much skill.
>
> > We use SMB/Samba INSTEAD of NFS because we believe SMB to be more
> > secure.
>
> That's like saying the electrical chair may be far more appealing to
> some than lethal injection. NFS and SMB are both insecure and
> inefficient mechanisms for file transfer over the public Internet.
> SMB may be the lesser of the two evils, but it's really irrelevant.
> Why not use ssh/sftp, or for the Unix impaired, some https-based file
> transfer interface, instead?
>
> On Sun, Nov 19, 2000 at 09:06:06AM -0800, Roeland Meyer wrote:
> > [...] in addition, you block the NetBIOS ports then you block
> > application-level access for 80% of internet users.
>
> Howso? Sounds like you'd be promoting responsible usage instead.
>
> -adam
