North American Network Operators Group

Re: ISPs as content-police or method-police

  • From: Ben Browning
  • Date: Mon Nov 20 12:25:18 2000

At 11:54 11/20/2000 -0500, Valdis.Kletnieks@vt.edu wrote:
> I suspect that if a large percentage of Tier 1/2 carriers actually filtered
> ports 137 through 139, we'd not be seeing anywhere near the amount of QAZ and
> similar activity.  And as has been pointed out, you can ALWAYS punch a hole
> in the filter for customers who like to live risky, or they can find other
> ways to tunnel their packets.

Well, we'd actually see a good deal of QAZ still, if Tier One was filtering it... QAZ primarily hunts in the same class C it lives in.

Aside from that, I certainly agree that it is not our job to dictate what our customers can or cannot do on the big-eye-nternet. What I also think is that it *is* our responsibility to maintain the sanctity of our networks. I don't see any customers up-in-arms because of the lack of directed broadcast services on most of our networks, and I think this situation is roughly analogous.

The point is this: 137-139 are used for NetBIOS and Samba, neither of which is secure (or even supported by their vendors, AFAIK) for use out on the Internet. I think we can all agree that anyone using them in that situation shouldn't be.


---
Ben Browning <benb@oz.net>
oz.net Network Operations
Tel (206) 443-8000 Fax (206) 443-0500
http://www.oz.net/