North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ISPs as content-police or method-police
At 11:54 11/20/2000 -0500, Valdis.Kletnieks@vt.edu wrote:
Well, we'd actually see a good deal of QAZ still, if Tier One was filtering it... QAZ primarily hunts in the same class C it lives in.I suspect that if a large percentage of Tier 1/2 carriers actually filtered ports 137 through 139, we'd not be seeing anywhere near the amount of QAZ and similar activity. And as has been pointed out, you can ALWAYS punch a hole in the filter for customers who like to live risky, or they can find other ways to tunnel their packets.
Aside from that, I certainly agree that it is not our job to dictate what our customers can or cannot do on the big-eye-nternet. What I also think is that it *is* our responsibility to maintain the sanctity of our networks. I don't see any customers up-in-arms because of the lack of directed broadcast services on most of our networks, and I think this situation is roughly analogous.
The point is this: 137-139 are used for NetBIOS and Samba, neither of which are secure (or even supported by their vendors, AFAIK) for use out on the Internet. I think we can all agree that anyone using them in that situation, shouldn't be.
Ben Browning <firstname.lastname@example.org>
oz.net Network Operations
Tel (206) 443-8000 Fax (206) 443-0500