[32366] in North American Network Operators' Group
Re: ISPs as content-police or method-police
daemon@ATHENA.MIT.EDU (Ben Browning)
Mon Nov 20 12:24:13 2000
Message-Id: <5.0.0.25.2.20001120091552.00b0d2e8@mail.oz.net>
Date: Mon, 20 Nov 2000 09:17:01 -0800
To: nanog@merit.edu
From: Ben Browning <benb@oz.net>
In-Reply-To: <200011201654.eAKGsXw27498@black-ice.cc.vt.edu>

At 11:54 11/20/2000 -0500, Valdis.Kletnieks@vt.edu wrote:

>I suspect that if a large percentage of Tier 1/2 carriers actually filtered
>ports 137 through 139, we'd not be seeing anywhere near the amount of QAZ and
>similar activity. And as has been pointed out, you can ALWAYS punch a hole
>in the filter for customers who like to live risky, or they can find other
>ways to tunnel their packets.

Well, we'd actually see a good deal of QAZ still, if Tier One was filtering
it... QAZ primarily hunts in the same class C it lives in.

Aside from that, I certainly agree that it is not our job to dictate what
our customers can or cannot do on the big-eye-nternet. What I also think is
that it *is* our responsibility to maintain the sanctity of our networks. I
don't see any customers up-in-arms because of the lack of directed
broadcast services on most of our networks, and I think this situation is
roughly analogous.

The point is this: 137-139 are used for NetBIOS and Samba, neither of which
are secure (or even supported by their vendors, AFAIK) for use out on the
Internet. I think we can all agree that anyone using them in that
situation, shouldn't be.

---
Ben Browning <benb@oz.net>
oz.net Network Operations
Tel (206) 443-8000 Fax (206) 443-0500
http://www.oz.net/
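
An added example, not part of the original message or of any poster's configuration: it sorts flow records by what a carrier border filter on ports 137-139 would do with them, showing the two cases the thread raises (a hole punched for an opted-out customer, and same-class-C traffic that never reaches the filter). The exempt prefix, the sample flows and the function names are constructed for illustration, and the code assumes that traffic within one /24 stays on the local segment.

```python
import ipaddress
from collections import Counter

NETBIOS_PORTS = {137, 138, 139}  # the port range named in the thread

# Hypothetical customer prefix that asked for a hole in the filter.
EXEMPT_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample flows: (src, dst, proto, dst_port), documentation addresses.
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.0.2.77", "tcp", 139),      # neighbour in the same /24
    ("198.51.100.5", "192.0.2.77", "tcp", 139),    # crosses the border
    ("198.51.100.5", "203.0.113.20", "udp", 137),  # crosses, customer is exempt
    ("198.51.100.5", "192.0.2.77", "tcp", 80),     # not a NetBIOS port
    ("192.0.2.10", "192.0.2.200", "udp", 137),     # neighbour in the same /24
]

def same_slash24(src, dst):
    """True when both IPv4 addresses sit in the same /24 ("class C")."""
    net = ipaddress.ip_network(f"{src}/24", strict=False)
    return ipaddress.ip_address(dst) in net

def classify(flow, exempt=EXEMPT_PREFIXES):
    """Return what a border filter on 137-139 would do with one flow."""
    src, dst, proto, dport = flow
    if proto not in ("tcp", "udp") or dport not in NETBIOS_PORTS:
        return "not-netbios"
    # Assumption: same-/24 traffic stays on the local segment and never
    # reaches a carrier's border filter, so the filter cannot drop it.
    if same_slash24(src, dst):
        return "local-unfiltered"
    endpoints = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    if any(ip in net for ip in endpoints for net in exempt):
        return "exempt-permit"
    return "border-drop"

def summarize(flows=SAMPLE_FLOWS):
    """Count flows per outcome."""
    return Counter(classify(f) for f in flows)

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", classify(flow))
    print(dict(summarize()))
```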